1 files changed, 10 insertions, 5 deletions

diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index ac44f260ac..8d71d2790f 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.3 2015/01/30 14:25:37 bluhm Exp $ */
+/* $OpenBSD: tls_server.c,v 1.4 2015/02/07 06:19:26 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -63,12 +63,17 @@ tls_configure_server(struct tls *ctx)
         if (tls_configure_keypair(ctx) != 0)
                 goto err;
 
-        if (ctx->config->ecdhcurve == -1) {
+        if (ctx->config->dheparams == -1)
+                SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1);
+        else if (ctx->config->dheparams == 1024)
+                SSL_CTX_set_dh_auto(ctx->ssl_ctx, 2);
+
+        if (ctx->config->ecdhecurve == -1) {
                 SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1);
-        } else if (ctx->config->ecdhcurve != NID_undef) {
+        } else if (ctx->config->ecdhecurve != NID_undef) {
                 if ((ecdh_key = EC_KEY_new_by_curve_name(
-                    ctx->config->ecdhcurve)) == NULL) {
-                        tls_set_error(ctx, "failed to set ECDH curve");
+                    ctx->config->ecdhecurve)) == NULL) {
+                        tls_set_error(ctx, "failed to set ECDHE curve");
                         goto err;
                 }
                 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);