automatically set SSL_CTX_set_ecdh_auto when available (#575)

author: Paul Kehrer <paul.l.kehrer@gmail.com> 2016-12-19 06:03:48 -0600
committer: Hynek Schlawack <hs@ox.cx> 2016-12-19 13:03:48 +0100
commit: 6c6bf865acdd3c5ca5f47b1dbc2903023fd286b6 (patch)
tree: b6fbeeb2e3782030b4bf4d856a08494bbca9da7c /src/OpenSSL/SSL.py
parent: 63ef9bc5f98261ca9585919b929c13d015fc5d1f (diff)
download: pyopenssl-6c6bf865acdd3c5ca5f47b1dbc2903023fd286b6.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 63a0b7e..eb0de10 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -475,6 +475,15 @@ class Context(object):
         _openssl_assert(context != _ffi.NULL)
         context = _ffi.gc(context, _lib.SSL_CTX_free)
 
+        # If SSL_CTX_set_ecdh_auto is available then set it so the ECDH curve
+        # will be auto-selected. This function was added in 1.0.2 and made a
+        # noop in 1.1.0+ (where it is set automatically).
+        try:
+            res = _lib.SSL_CTX_set_ecdh_auto(context, 1)
+            _openssl_assert(res == 1)
+        except AttributeError:
+            pass
+
         self._context = context
         self._passphrase_helper = None
         self._passphrase_callback = None
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2016-12-19 06:03:48 -0600
committer	Hynek Schlawack <hs@ox.cx>	2016-12-19 13:03:48 +0100
commit	6c6bf865acdd3c5ca5f47b1dbc2903023fd286b6 (patch)
tree	b6fbeeb2e3782030b4bf4d856a08494bbca9da7c /src/OpenSSL/SSL.py
parent	63ef9bc5f98261ca9585919b929c13d015fc5d1f (diff)
download	pyopenssl-6c6bf865acdd3c5ca5f47b1dbc2903023fd286b6.tar.gz