projects
/
oweals
/
openwrt-ustream-ssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
45ac930
)
ustream-ssl: Enable ECDHE with OpenSSL.
author
Rosen Penev
<rosenp@gmail.com>
Sun, 1 Apr 2018 01:37:28 +0000
(18:37 -0700)
committer
John Crispin
<john@phrozen.org>
Mon, 30 Apr 2018 13:05:09 +0000
(15:05 +0200)
When used with LuCI, SSLlabs complains that Forward Secrecy is not enabled and thus caps the score to a B.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
ustream-openssl.c
patch
|
blob
|
history
diff --git
a/ustream-openssl.c
b/ustream-openssl.c
index 83f61406136f460a1444b3847c90b0f8d3656a4d..2faa8557fbb32384aceb3b8346b404eebf2cba56 100644
(file)
--- a/
ustream-openssl.c
+++ b/
ustream-openssl.c
@@
-49,6
+49,9
@@
__ustream_ssl_context_new(bool server)
return NULL;
SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
+#ifndef OPENSSL_NO_ECDH
+ SSL_CTX_set_ecdh_auto(c, 1);
+#endif
SSL_CTX_set_quiet_shutdown(c, 1);
return (void *) c;