Added OpenSSL server side ECDHE cipher support

Gerhard Rieger 2015-04-02 18:00:57 +02:00
parent a0ded9f095
commit 6c60d0d66e
2 changed files with 28 additions and 3 deletions

@ -330,6 +330,9 @@ porting:
Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
on Illumos
Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
_POSIX_PTHREAD_SEMANTICS; and minor changes
Red Hat issue 1182005: socat 1.7.2.4 build failure missing
linux/errqueue.h
Socat failed to compile on on PPC due to new requirements for
@ -338,9 +341,6 @@ porting:
Use 'environ' variable only when provided by runtime
Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
_POSIX_PTHREAD_SEMANTICS; and minor changes
new features:
added option max-children that limits the number of concurrent child
processes. Thanks to Sam Liddicott for providing the patch.
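Review bot: Moving the Openindiana entry within the porting section (added in the hunk at 330, dropped in this one at 341) is unrelated to ECDHE support and belongs in a separate commit, so that the changelog diff of this commit contains only the new feature entry.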
@ -361,6 +361,9 @@ new features:
Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
Tests: OPENSSL_METHOD_*
Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
by Andrey Arapov.
Added a new option termios-rawer for ptys.
Thanks to Christian Vogelgsang for pointing me to this requirement
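Review bot: The new entry does not say which curve the server uses or that the choice is fixed at build time. The code in this commit hard-codes NID_X9_62_prime256v1, so the entry should name prime256v1 and state that it cannot be changed by an option. The TLS methods entry just above lists its tests (Tests: OPENSSL_METHOD_*), while this entry names none; add a test that negotiates an ECDHE suite and reference it here.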

@ -1093,6 +1093,28 @@ int
}
}
{
/* see http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-td42229.html */
int nid;
EC_KEY *ecdh;
#if 0
nid = OBJ_sn2nid(ECDHE_CURVE);
if (nid == NID_undef) {
Error("openssl: failed to set ECDHE parameters");
return -1;
}
#endif
nid = NID_X9_62_prime256v1;
ecdh = EC_KEY_new_by_curve_name(nid);
if (NULL == ecdh) {
Error("openssl: failed to set ECDHE parameters");
return -1;
}
SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
}
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
if (opt_compress) {
int result;
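Review bot: ecdh is never released and the result of SSL_CTX_set_tmp_ecdh(*ctx, ecdh) is not checked. The caller keeps ownership of the key it passes in, so call EC_KEY_free(ecdh) after the set call, and log an error and return -1 when the call returns 0. The block is also compiled unconditionally, while the compression code right after it sits behind an OPENSSL_VERSION_NUMBER check; guard it with #ifndef OPENSSL_NO_ECDH (or an equivalent configure test) so builds against an OpenSSL without EC support still compile. Finally, either remove the #if 0 branch or make ECDHE_CURVE a real option, since as written the curve is fixed to prime256v1 and both failure paths print the same message.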