walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Disable SSL_CTX_set_ecdh_auto() for now

This commit is contained in:
Tatsuhiro Tsujikawa 2014-06-06 23:15:36 +09:00
parent fcec996925
commit b8ed74c1ec
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/shrpx_ssl.cc
View File

@ -269,9 +269,12 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
#if OPENSSL_VERSION_NUMBER >= 0x10002000L // Disabled SSL_CTX_set_ecdh_auto, because computational cost of
SSL_CTX_set_ecdh_auto(ssl_ctx, 1); // chosen curve is much higher than P-256.
#else // OPENSSL_VERSION_NUBMER < 0x10002000L
// #if OPENSSL_VERSION_NUMBER >= 0x10002000L
// SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
// #else // OPENSSL_VERSION_NUBMER < 0x10002000L
// Use P-256, which is sufficiently secure at the time of this // Use P-256, which is sufficiently secure at the time of this
// writing. // writing.
auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
@ -282,7 +285,7 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
} }
SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh); SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
EC_KEY_free(ecdh); EC_KEY_free(ecdh);
#endif // OPENSSL_VERSION_NUBMER < 0x10002000L // #endif // OPENSSL_VERSION_NUBMER < 0x10002000L
#endif // OPENSSL_NO_EC #endif // OPENSSL_NO_EC