AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SSL: let a server choose the most appropriate curve for a client

Browse Source 
OpenSSL 1.0.2 introduces SSL_CTX_set_ecdh_auto, which allows us
to stop using one specific temporary curve, and instead makes
the server negotiate the best curve.

Task-number: QTBUG-42925
Change-Id: I3a68f29030bdf04f368bfdf79c888401ce82bdd8
Reviewed-by: Richard J. Moore <rich@kde.org>
This commit is contained in:
Giuseppe D'Angelo 2014-11-27 11:03:06 +01:00
parent f9408317e7
commit 9431321c65
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/network/ssl/qsslcontext_openssl.cpp
View File

@ -321,11 +321,18 @@ init_context:
q_DH_free(dh);
#ifndef OPENSSL_NO_EC
// Set temp ECDH params
EC_KEY *ecdh = 0;
ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh);
q_EC_KEY_free(ecdh);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (q_SSLeay() >= 0x10002000L) {
q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL);
} else
#endif
{
// Set temp ECDH params
EC_KEY *ecdh = 0;
ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh);
q_EC_KEY_free(ecdh);
}
#endif // OPENSSL_NO_EC
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();