Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00
Code Releases Activity

Enable ECDHE key exchange in TSL driver

Browse Source
This commit is contained in:
Janusz Dziemidowicz 2012-07-18 22:14:11 +02:00
parent d2d51381ec
commit a407382d9f
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/tls/tls_drv.c
View File

@ -278,6 +278,24 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
return 1; return 1;
} }
/*
* ECDHE is enabled only on OpenSSL 1.0.0e and later.
* See http://www.openssl.org/news/secadv_20110906.txt
* for details.
*/
#if OPENSSL_VERSION_NUMBER >= 0x1000005fL && !defined(OPENSSL_NO_ECDH)
static void setup_ecdh(SSL_CTX *ctx)
{
EC_KEY *ecdh;
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
SSL_CTX_set_tmp_ecdh(ctx, ecdh);
EC_KEY_free(ecdh);
}
#endif
#define SET_CERTIFICATE_FILE_ACCEPT 1 #define SET_CERTIFICATE_FILE_ACCEPT 1
#define SET_CERTIFICATE_FILE_CONNECT 2 #define SET_CERTIFICATE_FILE_CONNECT 2
#define SET_ENCRYPTED_INPUT 3 #define SET_ENCRYPTED_INPUT 3
@ -360,6 +378,12 @@ static ErlDrvSSizeT tls_drv_control(ErlDrvData handle,
SSL_CTX_set_cipher_list(ctx, CIPHERS); SSL_CTX_set_cipher_list(ctx, CIPHERS);
#if OPENSSL_VERSION_NUMBER >= 0x1000005fL && !defined(OPENSSL_NO_ECDH)
if (command == SET_CERTIFICATE_FILE_ACCEPT) {
setup_ecdh(ctx);
}
#endif
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
SSL_CTX_set_default_verify_paths(ctx); SSL_CTX_set_default_verify_paths(ctx);
#ifdef SSL_MODE_RELEASE_BUFFERS #ifdef SSL_MODE_RELEASE_BUFFERS