[Spice-commits] server/reds.c

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Wed Jun 20 16:18:32 UTC 2018

 server/reds.c |    1 +
 1 file changed, 1 insertion(+)

New commits:
commit 8822161833d4a672280994caec14900a8d65bd3e
Author: Christophe Fergeau <cfergeau at redhat.com>
Date:   Wed Jun 20 17:02:14 2018 +0200

    ssl: Allow to use ECDH ciphers with OpenSSL 1.0
    Without an explicit call to SSL_CTX_set_ecdh_auto(reds->ctx, 1), OpenSSL
    1.0 (still used by el7) would not use ECDH ciphers (this is now
    automatic with OpenSSL 1.1.0). This commit adds this missing call. It's
    based on a suggestion from David Jasa
    Signed-off-by: Christophe Fergeau <cfergeau at redhat.com>
    Acked-by: Frediano Ziglio <fziglio at redhat.com>

diff --git a/server/reds.c b/server/reds.c
index 66a221c3..4b2c9919 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -2784,6 +2784,7 @@ static int reds_init_ssl(RedsState *reds)
     SSL_CTX_set_options(reds->ctx, ssl_options);
+    SSL_CTX_set_ecdh_auto(reds->ctx, 1);
     /* Load our keys and certificates*/
     return_code = SSL_CTX_use_certificate_chain_file(reds->ctx, reds->config->ssl_parameters.certs_file);

More information about the Spice-commits mailing list