MikeN123/tomcat-native-ecdhe.patch

## tomcat-native-ecdhe.patch
diff -ru tomcat-native-1.1.29-src.orig/jni/native/src/sslcontext.c tomcat-native-1.1.29-src/jni/native/src/sslcontext.c
--- tomcat-native-1.1.29-src.orig/jni/native/src/sslcontext.c	2013-02-05 14:49:48.000000000 +0100
+++ tomcat-native-1.1.29-src/jni/native/src/sslcontext.c	2014-02-04 23:03:29.000000000 +0100
@@ -151,6 +151,11 @@
                (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
                &(c->context_id[0]), NULL, EVP_sha1(), NULL);
     if (mode) {
+        /* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
+        EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+        SSL_CTX_set_tmp_ecdh(c->ctx, ecdh);
+        EC_KEY_free(ecdh);
+
         SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);
         SSL_CTX_set_tmp_dh_callback(c->ctx,  SSL_callback_tmp_DH);
     }
	diff -ru tomcat-native-1.1.29-src.orig/jni/native/src/sslcontext.c tomcat-native-1.1.29-src/jni/native/src/sslcontext.c
	--- tomcat-native-1.1.29-src.orig/jni/native/src/sslcontext.c 2013-02-05 14:49:48.000000000 +0100
	+++ tomcat-native-1.1.29-src/jni/native/src/sslcontext.c 2014-02-04 23:03:29.000000000 +0100
	@@ -151,6 +151,11 @@
	(unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
	&(c->context_id[0]), NULL, EVP_sha1(), NULL);
	if (mode) {
	+ /* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
	+ EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
	+ SSL_CTX_set_tmp_ecdh(c->ctx, ecdh);
	+ EC_KEY_free(ecdh);
	+
	SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);
	SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
	}