Hi. When I build the latest development version of httpd or nginx against the OpenSSL_1_0_2-stable branch, the ECDHE-RSA and ECDHE-ECDSA ciphers don't work. With both webservers, I can get these ciphers to work by either...
  1. Deleting: SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
  2. Adding: SSL_CTX_set_ecdh_auto(ctx, 1);

Should it still be possible to manually configure ECDH keys using SSL_CTX_set_tmp_ecdh() in 1_0_2? If so, any ideas why it isn't working? Is there a bug in OpenSSL_1_0_2-stable? Or are both httpd and nginx doing something wrong?

Or, is "SSL_CTX_set_ecdh_auto(ctx, 1);" the only supported way of doing it in 1_0_2?


Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to