Wednesday, August 30, 2017

Re: ECDH

> The above is jumbled because your mail client is BROKEN and top-posts, even when replying to your own posts. If it isn't worth your effort to fix that, it might not be worth the effort of those who might reply to actually respond.

My e-mail client is just fine.
It is the mailing-list software that is broken.

> To answer your questions:
> - there was no change to httpd,
> - there was a change to libressl,
> - Yes, ECDHE is still supported.

OK

> You state you "do not want automatic selection of the curve". If you are that invested in the question then you should be reading the full commit messages sent to the public source-changes@openbsd.org mailing lists and not just tedu@'s summaries, as he elided much of the commit message.

I am invested in it. My whole business depends on libressl, and each change in their API triggers much pain all the way up to a 500MB system that needs to be patched and re-compiled.

libressl changes hit me when the portable source is released from github, because the libressl list happens to be a closed club.

> The full commit message was: [...] So yes, it's possible for a program using the libressl API to configure the EC used. Whether any given program using libressl actually *does so* is up to that program, of course.

Ok thanks.
