[rhelv6-list] RHEL 6.5 added ECDHE, but not for Apache, Postfix, Sendmail, etc.
Dirk Gfrörer
Dirk.Gfroerer at guh-software.de
Thu Mar 13 10:36:04 UTC 2014
On 12.03.2014 22:22, Chris Adams wrote:
> I was configuring a web server, and thought I'd enable forward secrecy
> since RHEL 6.5 now includes some elliptic curve support (specifically,
> ECDHE). However, I found that RHEL's Apache package hasn't been rebuilt
> since the OpenSSL update to enable elliptic curve.
>
> Neither have Postfix, Sendmail, or most any other OpenSSL-using package
> that I checked. The packages have to be recompiled to take advantage of
> ECC (that part of OpenSSL is apparently a compile-time feature check,
> not something that can be enabled just by recompiling the OpenSSL shared
> libs).
>
> Does anybody know if Red Hat plans on rebuilding these OpenSSL-using
> packages?
while this actually does not answer your question:
postfix was rebuilt on February, 20th for RHBA-2014:0191-1. Since then
ECDHE support is available. At least our mail servers are now using
these ciphers.
You probably need to open up a service request for the rest.
Kind Regards,
Dirk
More information about the rhelv6-list
mailing list