[Spice-devel] [spice-server] ssl: Allow to use ECDH ciphers with OpenSSL 1.0

Frediano Ziglio fziglio at redhat.com
Wed Jun 20 16:06:28 UTC 2018


> 
> Without an explicit call to SSL_CTX_set_ecdh_auto(reds->ctx, 1), OpenSSL
> 1.0 would not use ECDH ciphers (this is now automatic with OpenSSL
> 1.1.0). This commit adds this missing call. It's based on a suggestion
> from David Jasa.
> 
> Signed-off-by: Christophe Fergeau <cfergeau at redhat.com>
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1566597

Patch makes sense.
Personally I had to dig into the bugs to check which
distro version still used OpenSSL 1.0.
It would be good to add that to the commit message.

> ---
>  server/reds.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/server/reds.c b/server/reds.c
> index 66a221c32..4b2c99196 100644
> --- a/server/reds.c
> +++ b/server/reds.c
> @@ -2784,6 +2784,7 @@ static int reds_init_ssl(RedsState *reds)
>      }
>  
>      SSL_CTX_set_options(reds->ctx, ssl_options);
> +    SSL_CTX_set_ecdh_auto(reds->ctx, 1);
>  
>      /* Load our keys and certificates*/
>      return_code = SSL_CTX_use_certificate_chain_file(reds->ctx,
>      reds->config->ssl_parameters.certs_file);
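
Review bot: the added `SSL_CTX_set_ecdh_auto(reds->ctx, 1);` right after `SSL_CTX_set_options()` is unconditional and has no comment, although the commit message says it only matters for OpenSSL 1.0 and is automatic from 1.1.0. Consider guarding it with `#ifdef SSL_CTX_set_ecdh_auto` (it is a macro, and OpenSSL releases before 1.0.2 do not define it) or with an `OPENSSL_VERSION_NUMBER` check, and add a one-line comment stating why the call exists so it can be removed when 1.0.x support is dropped. The result of the call is also discarded, whereas the `SSL_CTX_use_certificate_chain_file()` call just below stores `return_code`; logging a warning on failure would make a server that silently offers no ECDH suites easier to diagnose.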

Otherwise,
Acked-by: Frediano Ziglio <fziglio at redhat.com>

Frediano

