Blame SOURCES/httpd-2.4.6-ssl-ecdh-auto.patch

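diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 0275452..8efdcd7 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1144,11 +1144,16 @@ static void ssl_init_server_certs(server_rec *s,
                      OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]);
     }
     /*
-     * ...otherwise, configure NIST P-256 (required to enable ECDHE)
+     * ...otherwise, enable auto curve selection (OpenSSL 1.0.2 and later)
+     * or configure NIST P-256 (required to enable ECDHE for earlier versions)
      */
     else {
+#if defined(SSL_CTX_set_ecdh_auto)
+        SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
+#else
         SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
                              EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+#endif
     }
 #endif
 }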
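Review bot: The return value of `SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1)` in the new `#if` branch is discarded, so if the call fails the vhost starts without ECDHE and nothing is logged, leaving clients to negotiate whatever non-ECDHE suites remain. I would check it and warn, e.g. `if (!SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1)) ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, "unable to enable automatic ECDH curve selection");`. The `#if defined(SSL_CTX_set_ecdh_auto)` test works only while OpenSSL provides that name as a macro, which deserves a short comment such as `/* SSL_CTX_set_ecdh_auto is a macro in OpenSSL 1.0.2+, so defined() detects it */`. With auto selection the negotiated curve is no longer pinned to P-256 and presumably follows the library's supported-curve list, which the block comment could state for operators who need to restrict curves. The body of `ssl_init_server_certs` starts outside this hunk, so the enclosing `if` chain is not visible here.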