ustream-ssl: Enable ECDHE with OpenSSL.

When used with LuCI, SSLlabs complains that Forward Secrecy is not enabled and thus caps the score to a B.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

diff --git a/ustream-openssl.c b/ustream-openssl.c
index 83f61406136f460a1444b3847c90b0f8d3656a4d..2faa8557fbb32384aceb3b8346b404eebf2cba56 100644 (file)
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -49,6 +49,9 @@ __ustream_ssl_context_new(bool server)
                return NULL;
 
        SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
+#ifndef OPENSSL_NO_ECDH
+       SSL_CTX_set_ecdh_auto(c, 1);
+#endif
        SSL_CTX_set_quiet_shutdown(c, 1);
 
        return (void *) c;