From: Rosen Penev <rosenp@gmail.com>
Date: Sun, 1 Apr 2018 01:37:28 +0000 (-0700)
Subject: ustream-ssl: Enable ECDHE with OpenSSL.
X-Git-Url: https://git.librecmc.org/?p=oweals%2Fopenwrt-ustream-ssl.git;a=commitdiff_plain;h=39a6ce205d8fd10d2764751d0e1d2d76741e424d

ustream-ssl: Enable ECDHE with OpenSSL.

When used with LuCI, SSLlabs complains that Forward Secrecy is not enabled and thus caps the score to a B.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---

diff --git a/ustream-openssl.c b/ustream-openssl.c
index 83f6140..2faa855 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -49,6 +49,9 @@ __ustream_ssl_context_new(bool server)
 		return NULL;
 
 	SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
+#ifndef OPENSSL_NO_ECDH
+	SSL_CTX_set_ecdh_auto(c, 1);
+#endif
 	SSL_CTX_set_quiet_shutdown(c, 1);
 
 	return (void *) c;