pve-http-server

mirror of https://git.proxmox.com/git/pve-http-server synced 2025-07-01 19:28:30 +00:00

History

Fabian Grünbichler 10f9a4b775 fix #1332 : allow ECDHE with all supported curves with openssl 1.0.1, we had to limit ourself to one curve to allow ECDHE at all. with openssl 1.1.x, the same limit actually means only allowing ECDSA certificates using that curve, even for non-ephemeral ECDH handshakes, effectively only allowing prime256 EC certificates. since openssl 1.1.x supports auto-negotiation of the curve used for ECDHE, simply use that for now. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>	2017-04-03 15:05:40 +02:00
..
APIServer	fix #1332 : allow ECDHE with all supported curves	2017-04-03 15:05:40 +02:00

Fabian Grünbichler 10f9a4b775 fix #1332 : allow ECDHE with all supported curves

with openssl 1.0.1, we had to limit ourself to one curve to
allow ECDHE at all.

with openssl 1.1.x, the same limit actually means only
allowing ECDSA certificates using that curve, even for
non-ephemeral ECDH handshakes, effectively only allowing
prime256 EC certificates.

since openssl 1.1.x supports auto-negotiation of the curve
used for ECDHE, simply use that for now.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

2017-04-03 15:05:40 +02:00

APIServer

fix #1332 : allow ECDHE with all supported curves

2017-04-03 15:05:40 +02:00