[LEDE-DEV] [PATCH 1/2] ustream-ssl: Enable ECDHE with OpenSSL.
Rosen Penev
rosenp at gmail.com
Sat Mar 31 18:37:28 PDT 2018
When used with LuCI, SSLlabs complains that Forward Secrecy is not enabled and thus caps the score to a B.
Signed-off-by: Rosen Penev <rosenp at gmail.com>
---
ustream-openssl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 83f6140..2faa855 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -49,6 +49,9 @@ __ustream_ssl_context_new(bool server)
return NULL;
SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
+#ifndef OPENSSL_NO_ECDH
+ SSL_CTX_set_ecdh_auto(c, 1);
+#endif
SSL_CTX_set_quiet_shutdown(c, 1);
return (void *) c;
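Review bot: The `SSL_CTX_set_ecdh_auto(c, 1)` call is guarded only by `OPENSSL_NO_ECDH`, which says nothing about whether the macro exists in the OpenSSL being built against. It was introduced in OpenSSL 1.0.2, so older releases will fail to compile here, and in 1.1.0 and later it is a compatibility no-op because automatic curve selection is always on. Suggest guarding on the macro as well, for example `#if !defined(OPENSSL_NO_ECDH) && defined(SSL_CTX_set_ecdh_auto)`, and stating in the commit message which OpenSSL versions the change actually affects. Two smaller points: the return value is ignored, so a failure to enable ECDHE would pass silently, and the call runs for both values of the `server` argument although ephemeral curve selection only matters for the server side, so it could sit under `if (server)` with a one-line comment explaining why it is there.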
--
2.16.3