Set SSL_OP_SINGLE_ECDH_USE before calling SSL_CTX_set_tmp_ecdh() - this

avoids generating an EC key pair that will never be used.
author: jsing <> 2014-10-15 14:08:26 +0000
committer: jsing <> 2014-10-15 14:08:26 +0000
commit: 63c863c8cc1f3a95888709f9528840589a9e567f (patch)
tree: 3f0ee31ae094fbf2f4b78ea39e25d05223b1a1d2 /src/lib
parent: 060df266399eaa119161ae1d0dd66991023ce805 (diff)
download: openbsd-63c863c8cc1f3a95888709f9528840589a9e567f.tar.gz
openbsd-63c863c8cc1f3a95888709f9528840589a9e567f.tar.bz2
openbsd-63c863c8cc1f3a95888709f9528840589a9e567f.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libressl/ressl_server.c b/src/lib/libressl/ressl_server.c
index 1d5ee2a3f9..4783674a0b 100644
--- a/src/lib/libressl/ressl_server.c
+++ b/src/lib/libressl/ressl_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_server.c,v 1.10 2014/10/03 14:09:09 jsing Exp $ */
+/* $OpenBSD: ressl_server.c,v 1.11 2014/10/15 14:08:26 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -70,8 +70,8 @@ ressl_configure_server(struct ressl *ctx)
                        ressl_set_error(ctx, "failed to set ECDH curve");
                        goto err;
                }
-                SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
                SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
+                SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
                EC_KEY_free(ecdh_key);
        }
author	jsing <>	2014-10-15 14:08:26 +0000
committer	jsing <>	2014-10-15 14:08:26 +0000
commit	63c863c8cc1f3a95888709f9528840589a9e567f (patch)
tree	3f0ee31ae094fbf2f4b78ea39e25d05223b1a1d2 /src/lib
parent	060df266399eaa119161ae1d0dd66991023ce805 (diff)
download	openbsd-63c863c8cc1f3a95888709f9528840589a9e567f.tar.gz openbsd-63c863c8cc1f3a95888709f9528840589a9e567f.tar.bz2 openbsd-63c863c8cc1f3a95888709f9528840589a9e567f.zip