enable auto curve selection for ephemeral ECDH keys
authorKaspar Brand <kbrand@apache.org>
Sat, 1 Feb 2014 14:04:23 +0000 (14:04 +0000)
committerKaspar Brand <kbrand@apache.org>
Sat, 1 Feb 2014 14:04:23 +0000 (14:04 +0000)
when compiled against OpenSSL 1.0.2 or later

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1563420 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_init.c

index d8dd8c2229a76bcb6de62d1e2f03ef8dcbc1e405..0c6cdd7cf83fbeb37cdab1b3e807a2e76c072a7c 100644 (file)
@@ -1022,11 +1022,16 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
                      OBJ_nid2sn(nid), vhost_id, certfile);
     }
     /*
-     * ...otherwise, configure NIST P-256 (required to enable ECDHE)
+     * ...otherwise, enable auto curve selection (OpenSSL 1.0.2 and later)
+     * or configure NIST P-256 (required to enable ECDHE for earlier versions)
      */
     else {
+#if defined(SSL_CTX_set_ecdh_auto)
+        SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
+#else
         SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
                              EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+#endif
     }
 #endif
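Review bot: The `#else` fallback still hands the result of `EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)` straight to `SSL_CTX_set_tmp_ecdh()`, so the key is never freed (OpenSSL keeps its own copy rather than taking ownership) and a NULL result goes unnoticed. Holding it in a local fixes both: `EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);`, then `SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);` and `EC_KEY_free(eckey);`, with the declaration moved to the top of the block if the file has to stay C89-clean. The return values of both `SSL_CTX_set_ecdh_auto()` and `SSL_CTX_set_tmp_ecdh()` are also discarded; if either fails, ECDHE suites would presumably just not be offered for this vhost and nothing is logged, so a check with an error log naming `vhost_id` would make a silent loss of forward secrecy visible. A short comment on the `#if` noting that `SSL_CTX_set_ecdh_auto` is a macro, which is why `defined()` works as the feature test, would help the next reader. ssl_init_server_certs starts and ends outside the hunk.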