Hi, I've noticed that Dovecot is using per default the elliptic curve sect571r1. Because not all clients might support sect571r1, I would like to set the elliptic curve manually. Is that possible? -Ihsan -- ihsan at dogan.ch http://blog.dogan.ch/
On 22.08.2016 16:21, ?hsan Do?an wrote:> Hi, > > I've noticed that Dovecot is using per default the elliptic curve > sect571r1. Because not all clients might support sect571r1, I would like > to set the elliptic curve manually. Is that possible? > > > > -Ihsan >Hi! If your openssl does not support automatic curve selection (>=1.0.2), we fall back to using what your private EC key uses, or NIST-P384 as last resort. Aki Tuomi Dovecot oy
+1 I opened a ticket (a while ago) to add manual selection of the curves. On Mon, Aug 22, 2016 at 6:59 PM, Aki Tuomi <'aki.tuomi at dovecot.fi'> wrote: On 22.08.2016 16:21, ?hsan Do?an wrote:> Hi, > > I've noticed that Dovecot is using per default the elliptic curve > sect571r1. Because not all clients might support sect571r1, I would like > to set the elliptic curve manually. Is that possible? > > > > -Ihsan >Hi! If your openssl does not support automatic curve selection (>=1.0.2), we fall back to using what your private EC key uses, or NIST-P384 as last resort. Aki Tuomi Dovecot oy