diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c |
|
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c.orig 2018-06-15 13:18:46.274786925 +0200 |
|
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/shttpd/shttpd.c 2018-06-15 13:18:46.281786924 +0200 |
|
@@ -1474,6 +1474,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch |
|
char *ssl_disabled_protocols = wsmand_options_get_ssl_disabled_protocols(); |
|
char *ssl_cipher_list = wsmand_options_get_ssl_cipher_list(); |
|
int retval = FALSE; |
|
+ EC_KEY* key; |
|
|
|
/* Initialize SSL crap */ |
|
debug("Initialize SSL"); |
|
@@ -1493,6 +1494,13 @@ set_ssl(struct shttpd_ctx *ctx, const ch |
|
else |
|
retval = TRUE; |
|
|
|
+ /* This enables ECDH Perfect Forward secrecy. Currently with just the most generic p256 prime curve */ |
|
+ key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
|
+ if (key != NULL) { |
|
+ SSL_CTX_set_tmp_ecdh(CTX, key); |
|
+ EC_KEY_free(key); |
|
+ } |
|
+ |
|
while (ssl_disabled_protocols) { |
|
struct ctx_opts_t { |
|
char *name;
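Review bot: The new ECDH block fails silently, so set_ssl still reports success (`retval = TRUE` two lines above it) when `EC_KEY_new_by_curve_name` returns NULL or `SSL_CTX_set_tmp_ecdh` fails, and the server then runs without ECDHE suites and without the forward secrecy the comment promises. At minimum both results should be checked and logged through the `debug()` helper already used in this function, e.g. `if (key == NULL || SSL_CTX_set_tmp_ecdh(CTX, key) != 1) debug("Failed to set ECDH parameters; ECDHE suites unavailable");` (`EC_KEY_free(NULL)` is a no-op, so the free can stay unconditional). Pinning a single curve is also the pre-1.0.2 idiom; on OpenSSL 1.0.2+ `SSL_CTX_set_ecdh_auto(CTX, 1)` lets the library negotiate the curve with the client, on 1.1.0+ that is automatic and `SSL_CTX_set_tmp_ecdh` only restricts it, and the `EC_KEY_*` API is deprecated in 3.0, so a version-guarded form is worth considering. Note too that forward secrecy only materializes if the configured `ssl_cipher_list` actually includes ECDHE suites, which this hunk cannot verify, and that `CTX` is presumably a macro over `ctx` defined outside the hunk; set_ssl continues beyond it.
```c
    /* ECDHE: let OpenSSL pick the curve where it can (>= 1.0.2); otherwise pin P-256 */
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
    if (SSL_CTX_set_ecdh_auto(CTX, 1) != 1)
        debug("Failed to enable automatic ECDH curve selection");
#else
    key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
    if (key == NULL || SSL_CTX_set_tmp_ecdh(CTX, key) != 1)
        debug("Failed to set ECDH parameters; ECDHE cipher suites unavailable");
    EC_KEY_free(key);
#endif
    /* … unchanged: ssl_disabled_protocols loop … */
```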