h-yamamo/ecdh.patch

## ecdh.patch
  Support TLS_ECDHE_* ciphersuites

    you can specify e.g. --tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256

    supported curve is only NIST P-256.
    if you want to change the curve to P-384 or P-521
    change NID_X9_62_prime256v1 to NID_secp384r1 or NID_secp521r1.

--- 2.3.10-1ubuntu2/src/openvpn/ssl_openssl.c	2016-01-04 12:17:32.000000000 +0000
+++ b/src/openvpn/ssl_openssl.c	2016-09-19 20:00:00.000000000 +0900
@@ -390,9 +390,22 @@
 {
   DH *dh;
   BIO *bio;
+  EC_KEY *ec;

   ASSERT(NULL != ctx);

+  ec = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
+  if (!ec)
+    msg (M_SSLERR, "unable to create curve (nistp256)");
+  else
+    {
+      if (!SSL_CTX_set_tmp_ecdh (ctx->ctx, ec))
+	msg (M_SSLERR, "SSL_CTX_set_tmp_ecdh");
+      else
+	msg (D_TLS_DEBUG_LOW, "Initialized ECDH parameters with nistp256");
+      EC_KEY_free (ec);
+    }
+
   if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline)
     {
       if (!(bio = BIO_new_mem_buf ((char *)dh_file_inline, -1)))
	Support TLS_ECDHE_* ciphersuites

	you can specify e.g. --tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256

	supported curve is only NIST P-256.
	if you want to change the curve to P-384 or P-521
	change NID_X9_62_prime256v1 to NID_secp384r1 or NID_secp521r1.

	--- 2.3.10-1ubuntu2/src/openvpn/ssl_openssl.c 2016-01-04 12:17:32.000000000 +0000
	+++ b/src/openvpn/ssl_openssl.c 2016-09-19 20:00:00.000000000 +0900
	@@ -390,9 +390,22 @@
	{
	DH *dh;
	BIO *bio;
	+ EC_KEY *ec;

	ASSERT(NULL != ctx);

	+ ec = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
	+ if (!ec)
	+ msg (M_SSLERR, "unable to create curve (nistp256)");
	+ else
	+ {
	+ if (!SSL_CTX_set_tmp_ecdh (ctx->ctx, ec))
	+ msg (M_SSLERR, "SSL_CTX_set_tmp_ecdh");
	+ else
	+ msg (D_TLS_DEBUG_LOW, "Initialized ECDH parameters with nistp256");
	+ EC_KEY_free (ec);
	+ }
	+
	if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline)
	{
	if (!(bio = BIO_new_mem_buf ((char *)dh_file_inline, -1)))