SSL Context: Explicitly load ECC ciphers on el7 7248/head
authorMichael Friedrich <michael.friedrich@icinga.com>
Tue, 18 Jun 2019 12:58:19 +0000 (14:58 +0200)
committerMichael Friedrich <michael.friedrich@icinga.com>
Tue, 18 Jun 2019 12:58:19 +0000 (14:58 +0200)
Otherwise curl/nss as client won't be able to use the
new default cipher list.

fixes #7247

lib/base/tlsutility.cpp

index a3edc8758da81cb4483ccb7891b15f9127976b69..3bde27a7a9f78bf7807612869ff9ed0430b13e9f 100644 (file)
@@ -73,6 +73,9 @@ static void SetupSslContext(SSL_CTX *sslContext, const String& pubkey, const Str
        SSL_CTX_set_mode(sslContext, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
        SSL_CTX_set_session_id_context(sslContext, (const unsigned char *)"Icinga 2", 8);
 
+       // Explicitly load ECC ciphers, required on el7 - https://github.com/Icinga/icinga2/issues/7247
+       SSL_CTX_set_ecdh_auto(sslContext, 1);
+
        if (!pubkey.IsEmpty()) {
                if (!SSL_CTX_use_certificate_chain_file(sslContext, pubkey.CStr())) {
                        Log(LogCritical, "SSL")
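Review bot: The added `SSL_CTX_set_ecdh_auto(sslContext, 1);` is unguarded and its result is ignored. It is a macro that exists only from OpenSSL 1.0.2 on (and is a compatibility no-op from 1.1.0), so if the project still builds against an older OpenSSL this line breaks the build; wrapping it in `#ifdef SSL_CTX_set_ecdh_auto` … `#endif` avoids that. On 1.0.2 a zero return leaves the context without an ECDH curve, so clients either fail the handshake or fall back to non-ECDHE suites with nothing in the log; consider `if (!SSL_CTX_set_ecdh_auto(sslContext, 1))` followed by a `Log(LogWarning, "SSL")` message, in the style of the certificate check just below. The comment would be more precise as `// Enable automatic ECDH curve selection so ECDHE suites can be negotiated (needed with OpenSSL 1.0.2, e.g. el7)`. SetupSslContext begins and ends outside this hunk.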