small patch to enable openssl's elliptic curve Diffie-Hellman

Henrique de Moraes Holschuh hmh at debian.org
Sun Jan 20 19:38:28 EST 2013


On Sun, 20 Jan 2013, Chris Panayis wrote:
> Hi - This patch enables ECDH in openssl v1.0.1c. It selects a

It also SSL_CTX_set_options(SSL_OP_NO_COMPRESSION).

Why?  And if that's a good thing, shouldn't it be on a patch of its own?

> @@ -666,7 +667,13 @@ int     tls_init_serverengine(const char
>      off |= SSL_OP_NO_SSLv2;
>      off |= SSL_OP_NO_SSLv3;
>      }
> +
>      SSL_CTX_set_options(s_ctx, off);
> +
> +#ifdef SSL_OP_NO_COMPRESSION
> +    SSL_CTX_set_options(s_ctx, SSL_OP_NO_COMPRESSION);
> +#endif
> +

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


More information about the Cyrus-devel mailing list