Commit f0d73239 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

nghttpx: Use SSL_CTX_set_ecdh_auto for OpenSSL >= 1.0.2

parent 87f4f1d4
...@@ -163,6 +163,10 @@ SSL_CTX* create_ssl_context(const char *private_key_file, ...@@ -163,6 +163,10 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
} }
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
#else // OPENSSL_VERSION_NUBMER < 0x10002000L
// Use P-256, which is sufficiently secure at the time of this // Use P-256, which is sufficiently secure at the time of this
// writing. // writing.
auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
...@@ -173,6 +177,8 @@ SSL_CTX* create_ssl_context(const char *private_key_file, ...@@ -173,6 +177,8 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
} }
SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh); SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
EC_KEY_free(ecdh); EC_KEY_free(ecdh);
#endif // OPENSSL_VERSION_NUBMER < 0x10002000L
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
if(get_config()->dh_param_file) { if(get_config()->dh_param_file) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment