Changeset 4832 for pjproject/trunk
- Timestamp:
- May 2, 2014 10:20:14 AM (11 years ago)
- File:
-
- 1 edited
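--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
@@ -488,4 +488,8 @@
 static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
 {
+BIO *bio;
+DH *dh;
+long options;
+EC_KEY *ecdh;
 SSL_METHOD *ssl_method;
 SSL_CTX *ctx;
@@ -583,4 +587,40 @@
 return status;
 }
+
+bio = BIO_new_file(cert->privkey_file.ptr, "r");
+if (bio != NULL) {
+dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+if (dh != NULL) {
+if (SSL_CTX_set_tmp_dh(ctx, dh)) {
+options = SSL_OP_CIPHER_SERVER_PREFERENCE |
+SSL_OP_SINGLE_DH_USE;
+options = SSL_CTX_set_options(ctx, options);
+PJ_LOG(4,(ssock->pool->obj_name, "SSL DH "
+"initialized, PFS cipher-suites enabled"));
+}
+DH_free(dh);
+}
+BIO_free(bio);
+}
+}
+}
+
+#ifndef SSL_CTRL_SET_ECDH_AUTO
+#define SSL_CTRL_SET_ECDH_AUTO 94
+#endif
+
+/* SSL_CTX_set_ecdh_auto(ctx, on); requires OpenSSL 1.0.2 which wraps: */
+if (SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL)) {
+PJ_LOG(4,(ssock->pool->obj_name, "SSL ECDH initialized (automatic), "
+"faster PFS ciphers enabled"));
+} else {
+/* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */
+ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+if (ecdh != NULL) {
+if (SSL_CTX_set_tmp_ecdh(ctx, ecdh)) {
+PJ_LOG(4,(ssock->pool->obj_name, "SSL ECDH initialized "
+"(secp256r1), faster PFS cipher-suites enabled"));
+}
+EC_KEY_free(ecdh);
 }
 }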
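Review bot: The ECDH fallback branch calls `SSL_CTX_set_tmp_ecdh(ctx, ecdh)` without setting `SSL_OP_SINGLE_ECDH_USE`, although the DH branch above it does set `SSL_OP_SINGLE_DH_USE`. On OpenSSL builds that honour that option, the ECDH key may be reused across handshakes for the life of the context, which weakens the forward secrecy the log message announces. I would add `SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);` just before the `SSL_CTX_set_tmp_ecdh` call. Separately, when `cert->privkey_file` carries no DH parameters, `PEM_read_bio_DHparams` returns NULL and leaves an entry on the OpenSSL error queue; an `ERR_clear_error();` on that path, plus a log line, would stop later error checks picking up the stale entry and make the missing DHE suites visible. The body of create_ssl extends outside both hunks, so any handling elsewhere in the function is not visible here.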