
Blame SOURCES/httpd-2.4.6-ssl-ecdh-auto.patch

75a229
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
75a229
index 0275452..8efdcd7 100644
75a229
--- a/modules/ssl/ssl_engine_init.c
75a229
+++ b/modules/ssl/ssl_engine_init.c
75a229
@@ -1144,11 +1144,16 @@ static void ssl_init_server_certs(server_rec *s,
75a229
                      OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]);
75a229
     }
75a229
     /*
75a229
-     * ...otherwise, configure NIST P-256 (required to enable ECDHE)
75a229
+     * ...otherwise, enable auto curve selection (OpenSSL 1.0.2 and later)
75a229
+     * or configure NIST P-256 (required to enable ECDHE for earlier versions)
75a229
      */
75a229
     else {
75a229
+#if defined(SSL_CTX_set_ecdh_auto)
75a229
+        SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
75a229
+#else
75a229
         SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
75a229
                              EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
75a229
+#endif
75a229
     }
75a229
 #endif
75a229
 }
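Review bot: The added `SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);` call discards its return value, so if OpenSSL rejects the request the server would presumably come up without usable ECDHE suites and nothing would be logged; test the result and log a failure. The retained `#else` branch has a related gap: the key returned by `EC_KEY_new_by_curve_name()` is neither NULL-checked nor released, and as far as I know `SSL_CTX_set_tmp_ecdh()` copies the key rather than taking ownership, so it leaks once per context. Hold it in a local, e.g. `EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);`, skip the call when it is NULL, and call `EC_KEY_free(eckey);` afterwards. A one-line comment that `#if defined(SSL_CTX_set_ecdh_auto)` only works because OpenSSL provides this name as a macro would help the next reader. ssl_init_server_certs begins before the hunk, so its declarations and earlier branches are not visible here.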