Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
openwsman
0017-setup-ECDHE-to-allow-Perfect-Forward-Secre...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0017-setup-ECDHE-to-allow-Perfect-Forward-Secrecy-using-t.patch of Package openwsman
From 931535e12249cdf7f274caeff542852511ae44fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> Date: Wed, 4 Jul 2018 14:44:10 +0200 Subject: [PATCH 17/17] setup ECDHE to allow Perfect Forward Secrecy, using the p256 NIST prime curve Author: Marcus Meissner <meissner@suse.de> --- src/server/shttpd/config.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/server/shttpd/config.c b/src/server/shttpd/config.c index b320d21b53d7..2c11b96d5ef8 100644 --- a/src/server/shttpd/config.c +++ b/src/server/shttpd/config.c @@ -89,6 +89,7 @@ set_ssl(struct shttpd_ctx *ctx, void *arg, const char *pem) struct ssl_func *fp; char *ssl_disabled_protocols = wsmand_options_get_ssl_disabled_protocols(); char *ssl_cipher_list = wsmand_options_get_ssl_cipher_list(); + EC_KEY* key; arg = NULL; /* Unused */ @@ -127,6 +128,14 @@ set_ssl(struct shttpd_ctx *ctx, void *arg, const char *pem) SSL_CTX_free(CTX); CTX = NULL; } + + /* This enables ECDH Perfect Forward secrecy. Currently with just the most generic p256 prime curve */ + key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + if (key != NULL) { + SSL_CTX_set_tmp_ecdh(CTX, key); + EC_KEY_free(key); + } + while (ssl_disabled_protocols) { struct ctx_opts_t { char *name; -- 2.18.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor