From f0d732390283cb6bf5f5cd6fc7c782e24fd1875e Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 1 Jan 2014 23:26:00 +0900
Subject: [PATCH] nghttpx: Use SSL_CTX_set_ecdh_auto for OpenSSL >= 1.0.2

---
 src/shrpx_ssl.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index d54fa78f..4699f564 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -163,6 +163,10 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
   }
 
 #ifndef OPENSSL_NO_EC
+
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+  SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
+#else // OPENSSL_VERSION_NUBMER < 0x10002000L
   // Use P-256, which is sufficiently secure at the time of this
   // writing.
   auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
@@ -173,6 +177,8 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
   }
   SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
   EC_KEY_free(ecdh);
+#endif // OPENSSL_VERSION_NUBMER < 0x10002000L
+
 #endif /* OPENSSL_NO_EC */
 
   if(get_config()->dh_param_file) {