search for: ssl_proxy_ctx_get_pkey_ec_curve_nam

...const struct master_service_ssl_settings *ssl_set); static void ssl_server_context_deinit(struct ssl_server_context **_ctx); +static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, + const struct master_service_ssl_settings *set); +static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set); + static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx) { unsigned int i, g, h = 0; @@ -993,11 +997,58 @@ store = SSL_CTX_get_cert_store(ssl_ctx); load_ca(store, set->ssl_ca, load_xnames ? &xnames : NULL);...

...however make Dovecot non-compliant with RFC 6460 which requires curve NIST P-256 (prime256v1) be used when AES-128 TLS cipher suites are in use. At least the non-compliance is in the form of providing too much security rather than too little. */ nid = ssl_proxy_ctx_get_pkey_ec_curve_name(set); ecdh = EC_KEY_new_by_curve_name(nid); if (ecdh == NULL) { /* Fall back option */ nid = NID_secp384r1; ecdh = EC_KEY_new_by_curve_name(nid); } if ((curve_name = OBJ_nid2sn(nid)) != NULL && set->verbose_...