Displaying 3 results from an estimated 3 matches for "ssl_op_single_ecdh_us".
Did you mean:
ssl_op_single_ecdh_use
2013 Aug 07
2
2.2.5 fails to compile - SSL_OP_SINGLE_ECDH_USE : Solaris 10 + Sunstudio 12.3
Hi,
Compile fails in these two files
src/lib-ssl-iostream/iostream-openssl-context.c
src/login-common/ssl-proxy-openssl.c
due to missing SSL_OP_SINGLE_ECDH_USE
In these there is only
#if !defined(OPENSSL_NO_ECDH)
when all the other places it always compares also SSL version
#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L
Tomppa
2013 Aug 27
1
Install of Dovecot 2.2.5 on Solaris 10/Openssl version 0.9.7d 17 Mar 2004
...ime -I/usr/sfw/include -MT iostream-openssl-context.lo -MD -MP -MF .deps/iostream-openssl-context.Tpo -c iostream-openssl-context.c -fPIC -DPIC -o .libs/iostream-openssl-context.o
iostream-openssl-context.c: In function `ssl_proxy_ctx_set_crypto_params':
iostream-openssl-context.c:451: error: `SSL_OP_SINGLE_ECDH_USE' undeclared (first use in this function)
iostream-openssl-context.c:451: error: (Each undeclared identifier is reported only once
iostream-openssl-context.c:451: error: for each function it appears in.)
I followed directions found in http://hg.dovecot.org/dovecot-2.2/rev/27ebd9552471 to resol...
2013 Jul 06
1
[PATCH] login-common: Add support for ECDH/ECDHE cipher suites
...dh_callback);
- return xnames;
+#if !defined(OPENSSL_NO_ECDH)
+ /* In the non-recommended situation where ECDH cipher suites are being
+ used instead of ECDHE, do not reuse the same ECDH key pair for
+ different sessions. This option improves forward secrecy. */
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
+#endif
+#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L
+ /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
+ selection. */
+ SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
+#elif !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >=...