nghttpd: Disable SSL_CTX_set_ecdh_auto for OpenSSL >= 1.0.2

Tatsuhiro Tsujikawa 2014-06-28 15:35:10 +09:00
parent a3334bb21c
commit 9fec34968b
1 changed files with 7 additions and 4 deletions


@ -1674,9 +1674,12 @@ int HttpServer::run()
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
#if OPENSSL_VERSION_NUMBER >= 0x10002000L // Disabled SSL_CTX_set_ecdh_auto, because computational cost of
SSL_CTX_set_ecdh_auto(ssl_ctx, 1); // chosen curve is much higher than P-256.
#else // OPENSSL_VERSION_NUBMER < 0x10002000L
// #if OPENSSL_VERSION_NUMBER >= 0x10002000L
// SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
// #else // OPENSSL_VERSION_NUBMER < 0x10002000L
// Use P-256, which is sufficiently secure at the time of this // Use P-256, which is sufficiently secure at the time of this
// writing. // writing.
auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
@ -1687,7 +1690,7 @@ int HttpServer::run()
} }
SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh); SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
EC_KEY_free(ecdh); EC_KEY_free(ecdh);
#endif // OPENSSL_VERSION_NUBMER < 0x10002000L // #endif // OPENSSL_VERSION_NUBMER < 0x10002000L
#endif // OPENSSL_NO_EC #endif // OPENSSL_NO_EC
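Review bot: The OpenSSL >= 1.0.2 branch in HttpServer::run() is commented out rather than deleted, so a dead `SSL_CTX_set_ecdh_auto` call and three comments carrying the misspelled `OPENSSL_VERSION_NUBMER` stay in the file; I would delete those lines and keep only the two-line explanation. That explanation should also name the curve that was being chosen and how it was observed, since "chosen curve" cannot be checked by a later reader. With `SSL_CTX_set_tmp_ecdh` as the only path, the server offers P-256 alone, so a client without P-256 presumably falls back to a non-ECDHE suite or fails the handshake; that trade-off deserves a comment. If the aim is only to stop a costlier curve being picked on 1.0.2, one option is to keep automatic selection and restrict the list, e.g. `SSL_CTX_set1_curves_list(ssl_ctx, "P-256"); SSL_CTX_set_ecdh_auto(ssl_ctx, 1);`. The function body and the null check on `ecdh` lie outside the visible hunks, so this is based on the shown lines only.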