Created
September 21, 2016 15:32
Support TLS_ECDHE_* cipher suites for ubuntu xenial openvpn package
Support TLS_ECDHE_* ciphersuites
You can specify, e.g., --tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
The supported curve is only NIST P-256.
If you want to change the curve to P-384 or P-521,
change NID_X9_62_prime256v1 to NID_secp384r1 or NID_secp521r1.
--- 2.3.10-1ubuntu2/src/openvpn/ssl_openssl.c 2016-01-04 12:17:32.000000000 +0000
+++ b/src/openvpn/ssl_openssl.c 2016-09-19 20:00:00.000000000 +0900
@@ -390,9 +390,22 @@
{
DH *dh;
BIO *bio;
+ EC_KEY *ec;
ASSERT(NULL != ctx);
+ ec = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
+ if (!ec)
+ msg (M_SSLERR, "unable to create curve (nistp256)");
+ else
+ {
+ if (!SSL_CTX_set_tmp_ecdh (ctx->ctx, ec))
+ msg (M_SSLERR, "SSL_CTX_set_tmp_ecdh");
+ else
+ msg (D_TLS_DEBUG_LOW, "Initialized ECDH parameters with nistp256");
+ EC_KEY_free (ec);
+ }
+
if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline)
{
if (!(bio = BIO_new_mem_buf ((char *)dh_file_inline, -1)))
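Review bot: the ECDH curve is hard-coded at `ec = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);` and the header text tells users to edit the source and rebuild to get P-384 or P-521; consider taking the curve from a configuration option or, since xenial's OpenSSL is 1.0.2, calling `SSL_CTX_set_ecdh_auto (ctx->ctx, 1)` so the library selects a curve from the list the client advertises. The block also sits inside the routine that loads DH parameters from dh_file (see the `if (!strcmp (dh_file, INLINE_FILE_TAG) ...` line that follows), which couples ECDHE setup to DH-file handling; the context setup that always runs for a server would be a more natural home. Finally, both `msg (M_SSLERR, ...)` calls are followed by an else branch: if M_SSLERR is fatal in this tree the else nesting is unreachable and can be flattened, and if it is not, a failure is only logged and the context silently continues without ECDH parameters.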
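As an added tip, not part of the gist or of OpenVPN: a Python check that the --tls-cipher name used above maps to an ECDHE suite the local OpenSSL actually offers, with the curve pinned the way the patch pins it through SSL_CTX_set_tmp_ecdh. The name translation is a simplified hand-written rule set (an assumption; OpenVPN keeps its own translation table internally), and CURVE_BY_NID and the two functions are helpers defined here for the example.

```python
"""Check an OpenVPN --tls-cipher name against the local OpenSSL.

Added example, not code from the gist or from OpenVPN.  The IANA-to-OpenSSL
name translation is a simplified, hand-written rule set (assumption), not
OpenVPN's own table.
"""
import re
import ssl

# Curves named in the gist, keyed by the OpenSSL NID macro they stand for.
# Python's ssl module takes the OpenSSL short name of the curve.
CURVE_BY_NID = {
    "NID_X9_62_prime256v1": "prime256v1",  # NIST P-256 (what the patch uses)
    "NID_secp384r1": "secp384r1",          # NIST P-384
    "NID_secp521r1": "secp521r1",          # NIST P-521
}


def openvpn_to_openssl_cipher(name: str) -> str:
    """Translate an OpenVPN/IANA style suite name to OpenSSL's spelling.

    TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 -> ECDHE-RSA-AES128-GCM-SHA256
    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 -> ECDHE-RSA-AES256-SHA384
    TLS-RSA-WITH-AES-128-CBC-SHA          -> AES128-SHA
    """
    if not name.startswith("TLS-") or "-WITH-" not in name:
        raise ValueError(f"not an IANA-style suite name: {name}")
    kx_auth, bulk = name[len("TLS-"):].split("-WITH-", 1)
    bulk = re.sub(r"AES-(\d+)", r"AES\1", bulk)  # AES-128 -> AES128
    bulk = bulk.replace("-CBC", "")              # OpenSSL omits the CBC marker
    if "CHACHA20-POLY1305" in bulk:
        bulk = "CHACHA20-POLY1305"               # OpenSSL omits the -SHA256 suffix
    if kx_auth == "RSA":
        return bulk                              # plain RSA kx has no prefix
    return f"{kx_auth}-{bulk}"


def ecdhe_suite_info(openvpn_name: str,
                     curve_nid: str = "NID_X9_62_prime256v1") -> dict:
    """Return OpenSSL's view of the suite, raising if the build cannot offer it.

    Builds a server-side context, restricts it to the single suite (the
    effect of --tls-cipher) and pins the ECDH curve, which is what the
    patch does with SSL_CTX_set_tmp_ecdh.
    """
    openssl_name = openvpn_to_openssl_cipher(openvpn_name)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(openssl_name)                 # ssl.SSLError if unknown
    ctx.set_ecdh_curve(CURVE_BY_NID[curve_nid])   # e.g. prime256v1
    for c in ctx.get_ciphers():                   # TLS 1.3 suites appear too
        if c["name"] == openssl_name:
            return {
                "openssl_name": c["name"],
                "kea": c["kea"],                  # "kx-ecdhe" for ECDHE suites
                "aead": c["aead"],
                "curve": CURVE_BY_NID[curve_nid],
            }
    raise ssl.SSLError(f"{openssl_name} accepted but not in the enabled list")


if __name__ == "__main__":
    for suite in ("TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
                  "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"):
        try:
            print(suite, "->", ecdhe_suite_info(suite))
        except ssl.SSLError as exc:
            print(suite, "not offered by this OpenSSL:", exc)
```

A "kea" other than "kx-ecdhe" for a TLS 1.2 suite means the name you passed is not an ECDHE suite at all; an ssl.SSLError from set_ciphers means the OpenSSL behind the interpreter does not know the suite, which is the same situation the patched openvpn would be in when linked against that library.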
How to build package:
Tips: