Add three Suite B modes to TLS code, supporting RFC6460.

[oweals/openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8a15af6dd10593e177dfb32b46c0fd6778b9da81..ed7d34f724c2efe509b86f4d4f10c03e1f90c087 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1707,8 +1707,8 @@ int ssl3_send_server_key_exchange(SSL *s)
                        ecdhp=cert->ecdh_tmp;
                        if (s->cert->ecdh_tmp_auto)
                                {
-                               /* Get NID of first shared curve */
-                               int nid = tls1_shared_curve(s, 0);
+                               /* Get NID of appropriate shared curve */
+                               int nid = tls1_shared_curve(s, -2);
                                if (nid != NID_undef)
                                        ecdhp = EC_KEY_new_by_curve_name(nid);
                                }