Diffstat (limited to 'src/lib/libtls/tls_server.c')
-rw-r--r-- | src/lib/libtls/tls_server.c | 15 |
1 files changed, 10 insertions, 5 deletions
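--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.3 2015/01/30 14:25:37 bluhm Exp $ */
+/* $OpenBSD: tls_server.c,v 1.4 2015/02/07 06:19:26 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -63,12 +63,17 @@ tls_configure_server(struct tls *ctx)
 if (tls_configure_keypair(ctx) != 0)
 goto err;
 
-if (ctx->config->ecdhcurve == -1) {
+if (ctx->config->dheparams == -1)
+SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1);
+else if (ctx->config->dheparams == 1024)
+SSL_CTX_set_dh_auto(ctx->ssl_ctx, 2);
+
+if (ctx->config->ecdhecurve == -1) {
 SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1);
-} else if (ctx->config->ecdhcurve != NID_undef) {
+} else if (ctx->config->ecdhecurve != NID_undef) {
 if ((ecdh_key = EC_KEY_new_by_curve_name(
-ctx->config->ecdhcurve)) == NULL) {
-tls_set_error(ctx, "failed to set ECDH curve");
+ctx->config->ecdhecurve)) == NULL) {
+tls_set_error(ctx, "failed to set ECDHE curve");
 goto err;
 }
 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);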
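Review bot: The new `dheparams` branch passes bare mode values `1` and `2` to `SSL_CTX_set_dh_auto()` and leaves every other `dheparams` value with no DHE parameters and no error, and none of this is documented at the call site. If mode `2` selects a fixed 1024-bit group, as the `== 1024` test suggests, that is a weak legacy setting and should be labelled as one, e.g. `/* -1: size DH params automatically; 1024: legacy fixed 1024-bit group (weak, compatibility only); other values: DHE disabled */`. Whether out-of-range values are rejected when the config is set is not visible here, so, assuming 0 is the intended "disabled" value, consider adding `else if (ctx->config->dheparams != 0) { tls_set_error(ctx, "invalid dheparams"); goto err; }` so that a mis-set value is reported rather than silently dropping DHE. The body of tls_configure_server starts and ends outside this hunk.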