diff options
| author | Rosen Penev <rosenp@gmail.com> | 2018-03-31 18:37:28 -0700 |
|---|---|---|
| committer | John Crispin <john@phrozen.org> | 2018-04-30 15:05:09 +0200 |
| commit | 39a6ce205d8fd10d2764751d0e1d2d76741e424d (patch) | |
| tree | 34c6d84ea426b001b5869edc1b367eb6cec033c6 | |
| parent | 45ac93088bc6f2d8ef3b0512d8e1ddfd9c4ee9e5 (diff) | |
| download | ustream-ssl-39a6ce205d8fd10d2764751d0e1d2d76741e424d.tar.gz | |
ustream-ssl: Enable ECDHE with OpenSSL.
When used with LuCI, SSLlabs complains that Forward Secrecy is not enabled and thus caps the score to a B.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
| -rw-r--r-- | ustream-openssl.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ustream-openssl.c b/ustream-openssl.c index 83f6140..2faa855 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -49,6 +49,9 @@ __ustream_ssl_context_new(bool server) return NULL; SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL); +#ifndef OPENSSL_NO_ECDH + SSL_CTX_set_ecdh_auto(c, 1); +#endif SSL_CTX_set_quiet_shutdown(c, 1); return (void *) c; |