arrfab / rpms / httpd

Forked from rpms/httpd 5 years ago
Clone
Blob Blame History Raw
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 0275452..8efdcd7 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1144,11 +1144,16 @@ static void ssl_init_server_certs(server_rec *s,
                      OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]);
     }
     /*
-     * ...otherwise, configure NIST P-256 (required to enable ECDHE)
+     * ...otherwise, enable auto curve selection (OpenSSL 1.0.2 and later)
+     * or configure NIST P-256 (required to enable ECDHE for earlier versions)
      */
     else {
+#if defined(SSL_CTX_set_ecdh_auto)
+        SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
+#else
         SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
                              EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+#endif
     }
 #endif
 }