You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 lines
1.1 KiB
26 lines
1.1 KiB
5 years ago
|
diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c
|
||
|
|
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c.orig 2018-06-15 13:18:46.274786925 +0200
|
||
|
|
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c 2018-06-15 13:18:46.281786924 +0200
|
||
|
|
@@ -1474,6 +1474,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch
|
||
|
|
char *ssl_disabled_protocols = wsmand_options_get_ssl_disabled_protocols();
|
||
|
|
char *ssl_cipher_list = wsmand_options_get_ssl_cipher_list();
|
||
|
|
int retval = FALSE;
|
||
|
|
+ EC_KEY* key;
|
||
|
|
|
||
|
|
/* Initialize SSL crap */
|
||
|
|
debug("Initialize SSL");
|
||
|
|
@@ -1493,6 +1494,13 @@ set_ssl(struct shttpd_ctx *ctx, const ch
|
||
|
|
else
|
||
|
|
retval = TRUE;
|
||
|
|
|
||
|
|
+ /* This enables ECDH Perfect Forward secrecy. Currently with just the most generic p256 prime curve */
|
||
|
|
+ key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
||
|
|
+ if (key != NULL) {
|
||
|
|
+ SSL_CTX_set_tmp_ecdh(CTX, key);
|
||
|
|
+ EC_KEY_free(key);
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
while (ssl_disabled_protocols) {
|
||
|
|
struct ctx_opts_t {
|
||
|
|
char *name;
|