authorPaul Kehrer <paul.l.kehrer@gmail.com>2016-12-19 06:03:48 -0600
committerHynek Schlawack <hs@ox.cx>2016-12-19 13:03:48 +0100
commit6c6bf865acdd3c5ca5f47b1dbc2903023fd286b6 (patch)
treeb6fbeeb2e3782030b4bf4d856a08494bbca9da7c
parent63ef9bc5f98261ca9585919b929c13d015fc5d1f (diff)
downloadpyopenssl-6c6bf865acdd3c5ca5f47b1dbc2903023fd286b6.tar.gz
automatically set SSL_CTX_set_ecdh_auto when available (#575)
-rw-r--r--CHANGELOG.rst2
-rw-r--r--src/OpenSSL/SSL.py9
2 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 56c3c74..7085711 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -29,6 +29,8 @@ Changes:
This reduces CPU usage and memory allocation time by an amount proportional to the size of the allocation.
For applications that process a lot of TLS data or that use very lage allocations this can provide considerable performance improvements.
`#578 <https://github.com/pyca/pyopenssl/pull/578>`_
+- Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``.
+ `#575 <https://github.com/pyca/pyopenssl/pull/575>`_
----
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 63a0b7e..eb0de10 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -475,6 +475,15 @@ class Context(object):
_openssl_assert(context != _ffi.NULL)
context = _ffi.gc(context, _lib.SSL_CTX_free)
+ # If SSL_CTX_set_ecdh_auto is available then set it so the ECDH curve
+ # will be auto-selected. This function was added in 1.0.2 and made a
+ # noop in 1.1.0+ (where it is set automatically).
+ try:
+ res = _lib.SSL_CTX_set_ecdh_auto(context, 1)
+ _openssl_assert(res == 1)
+ except AttributeError:
+ pass
+
self._context = context
self._passphrase_helper = None
self._passphrase_callback = None
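Review bot: The new `try` body wraps both the `_lib.SSL_CTX_set_ecdh_auto(context, 1)` lookup and the `_openssl_assert(res == 1)` check, so `except AttributeError: pass` swallows an AttributeError raised anywhere in that body, not only the missing-binding case it is meant for. Resolving the symbol first keeps the guard narrow: `set_ecdh_auto = getattr(_lib, "SSL_CTX_set_ecdh_auto", None)` followed by `if set_ecdh_auto is not None: _openssl_assert(set_ecdh_auto(context, 1) == 1)`. The comment should also say what the silent fallback means: on a build without the function (pre-1.0.2, per the comment) no curve is selected automatically, so a server context presumably still needs an explicit `set_tmp_ecdh()` call before it can offer ECDHE suites. The diffstat lists only CHANGELOG.rst and SSL.py, so neither branch appears to be covered by a test in this commit. The enclosing `Context.__init__` starts and ends outside the hunk.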