From: Jan Just Keijser <janj...@nikhef.nl> Discussion: https://forums.openvpn.net/topic8404-30.html Tested-By: Sanaullah <sanaulla...@gmail.com> --- src/openvpn/ssl_openssl.c | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index f64177a..665bb5c 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -309,6 +309,7 @@ tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file, { DH *dh; BIO *bio; + EC_KEY *ecdh=NULL; ASSERT(NULL != ctx); @@ -336,6 +337,16 @@ tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file, 8 * DH_size (dh)); DH_free (dh); + + ecdh = EC_KEY_new_by_curve_name(NID_secp224r1); + + if (ecdh == NULL) + msg (M_SSLERR, "Unable to create curve (NID_secp224r1)"); + + if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh)) + msg (M_SSLERR, "SSL_CTX_set_tmp_ecdh"); + + EC_KEY_free(ecdh); } int -- 1.8.3.2