authorJoel Sing <jsing@cvs.openbsd.org>2014-10-15 14:08:27 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-10-15 14:08:27 +0000
commitc67f80e7c0d909fbcc18da1ba59af92e156c5fbd (patch)
tree73cbfcbba6eff406c480f85a306e8c59694b563c /lib
parenteeab2c171965f057935d00464fcde2f72320a2d3 (diff)
Set SSL_OP_SINGLE_ECDH_USE before calling SSL_CTX_set_tmp_ecdh() - this
avoids generating an EC key pair that will never be used.
Diffstat (limited to 'lib')
-rw-r--r--lib/libressl/ressl_server.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libressl/ressl_server.c b/lib/libressl/ressl_server.c
index 1d5ee2a3f93..4783674a0b9 100644
--- a/lib/libressl/ressl_server.c
+++ b/lib/libressl/ressl_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_server.c,v 1.10 2014/10/03 14:09:09 jsing Exp $ */
+/* $OpenBSD: ressl_server.c,v 1.11 2014/10/15 14:08:26 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -70,8 +70,8 @@ ressl_configure_server(struct ressl *ctx)
ressl_set_error(ctx, "failed to set ECDH curve");
goto err;
}
- SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
+ SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
EC_KEY_free(ecdh_key);
}
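Review bot: The return value of `SSL_CTX_set_tmp_ecdh()` is still discarded on the re-ordered line, so a failure to install the ECDH parameters would go unnoticed and the server would presumably come up without ECDHE key exchange instead of reporting a configuration error. Consider `if (SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key) != 1)` with the same `ressl_set_error()` / `goto err` handling used for the curve lookup just above, freeing `ecdh_key` on that path unless the `err` label already does (it lies outside the hunk). Because the order of the two calls is now load-bearing, a short comment such as `/* Set SINGLE_ECDH_USE first so set_tmp_ecdh() does not generate an unused key pair. */` would keep a later cleanup from swapping them back. The body of ressl_configure_server begins and ends outside this hunk.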