| author | Sam Varshavchik | 2014-09-21 09:55:24 -0400 | 
|---|---|---|
| committer | Sam Varshavchik | 2014-09-21 09:55:24 -0400 | 
| commit | 3a5072c3a902f1ae0cbe5e2d65c313b723ae9d7d (patch) | |
| tree | 1dbe09b28169b02c450c43fea96a38c21229f22c | |
| parent | c1b0310ee059dea7bdfcbb148771adb931a6fdf2 (diff) | |
libcouriertls.c: initialize temporary ecdh parameters.
| -rw-r--r-- | imap/ChangeLog | 3 | ||||
| -rw-r--r-- | tcpd/libcouriertls.c | 16 | 
2 files changed, 18 insertions, 1 deletions
|
diff --git a/imap/ChangeLog b/imap/ChangeLog
index 1843086..6da7c9a 100644
--- a/imap/ChangeLog
+++ b/imap/ChangeLog
@@ -1,5 +1,8 @@
 2014-09-19  Sam Varshavchik  <mrsam@courier-mta.com>
+	* tcpd/libcouriertls.c (tls_create): Initialize temporary ecdh
+	parameters.
+
 	* imap: try to print a message on stderr if the alarm() call, that
 	detects FAM library breakage, goes off.
diff --git a/tcpd/libcouriertls.c b/tcpd/libcouriertls.c
index 67cc341..6ca874e 100644
--- a/tcpd/libcouriertls.c
+++ b/tcpd/libcouriertls.c
@@ -1,5 +1,5 @@
 /*
-** Copyright 2000-2009 Double Precision, Inc.
+** Copyright 2000-2014 Double Precision, Inc.
 ** See COPYING for distribution information.
 */
 #include	"config.h"
@@ -565,6 +565,20 @@ SSL_CTX *tls_create(int isserver, const struct tls_info *info)
 	SSL_CTX_set_cipher_list(ctx, ssl_cipher_list);
 	SSL_CTX_set_timeout(ctx, session_timeout);
+#ifndef OPENSSL_NO_ECDH
+#ifdef SSL_CTX_set_ecdh_auto
+	SSL_CTX_set_ecdh_auto(ctx, 1);
+#else
+#ifdef NID_X9_62_prime256v1
+	{
+		EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+
+		SSL_CTX_set_tmp_ecdh(ctx, key);
+		EC_KEY_free(key);
+	}
+#endif
+#endif
+#endif
 	info_copy->tlscache=NULL;
 	init_session_cache(info_copy, ctx);
|
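Review bot: In the fallback branch of the tls_create hunk, the result of `EC_KEY_new_by_curve_name()` goes to `SSL_CTX_set_tmp_ecdh()` without a NULL check, and the return values of that call and of `SSL_CTX_set_ecdh_auto()` are ignored, so a failure silently leaves the context without ECDHE key exchange. A guard such as `if (key == NULL || !SSL_CTX_set_tmp_ecdh(ctx, key))`, followed by whatever error reporting the rest of the function uses, would make the loss of forward secrecy visible instead of a quiet downgrade. On OpenSSL 1.0.x builds that take the `SSL_CTX_set_tmp_ecdh()` path, the key pair is generated once at this call and reused for every handshake unless `SSL_OP_SINGLE_ECDH_USE` is set. Whether tls_create sets that option is not visible here, since its body starts and ends outside the hunk, so it is worth confirming or adding `SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);` before the call. A short comment noting that the nested `#ifdef`s choose between automatic curve selection and a fixed P-256 fallback would also help the next reader.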
