author | Nick Mathewson <nickm@torproject.org> | 2012-11-26 23:19:02 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-12-25 20:14:03 -0500 |
commit | bbaf4d964377f2f43625b56517ae21a80c220e7f (patch) | |
tree | 20dedaf1f0c9e7c1904536bdbdbc331fdefd8f0a /src/common/tortls.c | |
parent | 747d28408884b5600b695bcf8a5dd7101188cda5 (diff) | |
download | tor-bbaf4d964377f2f43625b56517ae21a80c220e7f.tar.gz tor-bbaf4d964377f2f43625b56517ae21a80c220e7f.zip |
Configure SSL context to know about using P-256 for ECDHE.
Diffstat (limited to 'src/common/tortls.c')
-rw-r--r-- | src/common/tortls.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index af3059a02d..02d09515a5 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1224,6 +1224,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
   }
   SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
+  SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_ECDH_USE);
 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
   SSL_CTX_set_options(result->ctx,
@@ -1274,6 +1275,17 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
     SSL_CTX_set_tmp_dh(result->ctx, crypto_dh_get_dh_(dh));
     crypto_dh_free(dh);
   }
+#if (!defined(OPENSSL_NO_EC) && \
+     OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0))
+  if (! is_client) {
+    EC_KEY *ec_key;
+    /* Use P-256 for ECDHE. */
+    ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+    if (ec_key != NULL) /*XXXX Handle errors? */
+      SSL_CTX_set_tmp_ecdh(result->ctx, ec_key);
+    EC_KEY_free(ec_key);
+  }
+#endif
   SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER,
                      always_accept_verify_cb);
   /* let us realloc bufs that we're writing from */
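Review bot: In the second hunk the return value of `SSL_CTX_set_tmp_ecdh` is discarded and a NULL `ec_key` from `EC_KEY_new_by_curve_name` merely skips the call, so a server context can be built with no ECDHE key installed and nothing logged; the `/*XXXX Handle errors? */` marker leaves exactly this open. Because `SSL_CTX_set_tmp_ecdh` returns 0 on failure and `EC_KEY_free(NULL)` is a no-op, both failures can share one guarded path, `if (ec_key == NULL || !SSL_CTX_set_tmp_ecdh(result->ctx, ec_key)) { EC_KEY_free(ec_key); goto error; }`, assuming the function's existing error label is the right destination — tor_tls_context_new starts and ends outside both hunks, so that label is not visible here. If failing the whole context is considered too strict, the silent path should at least log a warning so a relay that unexpectedly negotiates only the DH suite is diagnosable. The `SSL_OP_SINGLE_ECDH_USE` option added in the first hunk is fine as set.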