[PATCH] SSL: support automatic selection of ECDH temporary key parameters

Piotr Sikora piotr at cloudflare.com
Mon Aug 5 20:53:02 UTC 2013


# HG changeset patch
# User Piotr Sikora <piotr at cloudflare.com>
# Date 1375735677 25200
#      Mon Aug 05 13:47:57 2013 -0700
# Node ID bff5a43ea1596c1b0d2bb0b2fe698c7c79d8348a
# Parent  997b00c5c7f377a6c18874311fe39f22655616f6
SSL: support automatic selection of ECDH temporary key parameters.

Signed-off-by: Piotr Sikora <piotr at cloudflare.com>

diff -r 997b00c5c7f3 -r bff5a43ea159 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c     Mon Aug 05 13:43:03 2013 -0700
+++ b/src/event/ngx_event_openssl.c     Mon Aug 05 13:47:57 2013 -0700
@@ -630,6 +630,19 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_s
      * maximum interoperability.
      */

+    if (ngx_strcmp(name->data, "auto") == 0) {
+#ifdef SSL_CTRL_SET_ECDH_AUTO
+        SSL_CTX_set_ecdh_auto(ssl->ctx, 1);
+        return NGX_OK;
+#else
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "nginx was built without OpenSSL support for "
+                           "automatic selection of ECDH temporary key "
+                           "parameters");
+        return NGX_ERROR;
+#endif
+    }
+
     nid = OBJ_sn2nid((const char *) name->data);
     if (nid == 0) {
         ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
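Review bot: The result of `SSL_CTX_set_ecdh_auto(ssl->ctx, 1)` in the new "auto" branch is discarded, so a failed call would still return NGX_OK and the server would start without the ECDH parameters the operator asked for, which can leave ECDHE (forward-secret) suites unavailable with no message in the log. OpenSSL documents the call as returning 1 on success, so I would check it: `if (SSL_CTX_set_ecdh_auto(ssl->ctx, 1) != 1) {`, then `ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_set_ecdh_auto() failed");` and `return NGX_ERROR;`. The early `return NGX_OK` also skips the rest of ngx_ssl_ecdh_curve, which starts and ends outside this hunk. If that tail sets context options for the named-curve path (presumably something like single-use ECDH keys), confirm the auto path does not need them as well.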


