You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 lines
831 B
23 lines
831 B
6 years ago
|
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
|
||
|
|
index 0275452..8efdcd7 100644
|
||
|
|
--- a/modules/ssl/ssl_engine_init.c
|
||
|
|
+++ b/modules/ssl/ssl_engine_init.c
|
||
|
|
@@ -1144,11 +1144,16 @@ static void ssl_init_server_certs(server_rec *s,
|
||
|
|
OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]);
|
||
|
|
}
|
||
|
|
/*
|
||
|
|
- * ...otherwise, configure NIST P-256 (required to enable ECDHE)
|
||
|
|
+ * ...otherwise, enable auto curve selection (OpenSSL 1.0.2 and later)
|
||
|
|
+ * or configure NIST P-256 (required to enable ECDHE for earlier versions)
|
||
|
|
*/
|
||
|
|
else {
|
||
|
|
+#if defined(SSL_CTX_set_ecdh_auto)
|
||
|
|
+ SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
|
||
|
|
+#else
|
||
|
|
SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
|
||
|
|
EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
|
||
|
|
+#endif
|
||
|
|
}
|
||
|
|
#endif
|
||
|
|
}
|