summaryrefslogtreecommitdiffstats
path: root/modules/ssl/ssl_engine_init.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/ssl/ssl_engine_init.c')
-rw-r--r--modules/ssl/ssl_engine_init.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index d8dd8c2229..0c6cdd7cf8 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1022,11 +1022,16 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
OBJ_nid2sn(nid), vhost_id, certfile);
}
/*
- * ...otherwise, configure NIST P-256 (required to enable ECDHE)
+ * ...otherwise, enable auto curve selection (OpenSSL 1.0.2 and later)
+ * or configure NIST P-256 (required to enable ECDHE for earlier versions)
*/
else {
+#if defined(SSL_CTX_set_ecdh_auto)
+ SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
+#else
SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+#endif
}
#endif
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-11 20:37:32 +0100