walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpd: Disable SSL_CTX_set_ecdh_auto for OpenSSL >= 1.0.2

This commit is contained in:
Tatsuhiro Tsujikawa 2014-06-28 15:35:10 +09:00
parent a3334bb21c
commit 9fec34968b
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/HttpServer.cc
View File

@ -1674,9 +1674,12 @@ int HttpServer::run()
#ifndef OPENSSL_NO_EC
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
#else // OPENSSL_VERSION_NUBMER < 0x10002000L
// Disabled SSL_CTX_set_ecdh_auto, because computational cost of
// chosen curve is much higher than P-256.
// #if OPENSSL_VERSION_NUMBER >= 0x10002000L
// SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
// #else // OPENSSL_VERSION_NUBMER < 0x10002000L
// Use P-256, which is sufficiently secure at the time of this
// writing.
auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
@ -1687,7 +1690,7 @@ int HttpServer::run()
}
SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
EC_KEY_free(ecdh);
#endif // OPENSSL_VERSION_NUBMER < 0x10002000L
// #endif // OPENSSL_VERSION_NUBMER < 0x10002000L
#endif // OPENSSL_NO_EC