authorAshod Nakashian <ashod.nakashian@collabora.co.uk>2022-04-20 18:37:28 -0400
committerAndras Timar <andras.timar@collabora.com>2022-04-25 10:50:03 +0200
commitde31ecebeb23103c6bd4eb773e807e85b6637c06 (patch)
treebb19cb8d8603e7337e68314277d7f5c3deaefdf9 /net
parentFix 'Insert Comment' invoked by keyboard shortcut (fixes #4109) (diff)
wsd: use the default DH parameters in SSL
OpenSSL 3 deprecated the manual DH parameter functions. Instead, it encourages the use of the built-in parameters. Since this API also works on the 1.1 version, we only need the manual parameters for older versions. Change-Id: I900cc11c3ca09f1d85b7d88cfbf537d802f69846 Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Diffstat (limited to 'net')
-rw-r--r--net/Ssl.cpp5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/Ssl.cpp b/net/Ssl.cpp
index eeac4e92b1..790b3c6987 100644
--- a/net/Ssl.cpp
+++ b/net/Ssl.cpp
@@ -224,6 +224,10 @@ void SslContext::dynlockDestroy(struct CRYPTO_dynlock_value* lock, const char* /
void SslContext::initDH()
{
#ifndef OPENSSL_NO_DH
+// On OpenSSL 1.1 and newer use the auto parameters.
+#if OPENSSL_VERSION_NUMBER >= 0x10100003L
+ SSL_CTX_set_dh_auto(_ctx, 1);
+#else
// 2048-bit MODP Group with 256-bit prime order subgroup (RFC5114)
static const unsigned char dh2048_p[] =
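Review bot: The result of `SSL_CTX_set_dh_auto(_ctx, 1)` is discarded on the new branch, so if enabling automatic parameters fails, the context is left without DH parameters and nothing is reported. Test it with `if (SSL_CTX_set_dh_auto(_ctx, 1) != 1)` and report the failure the same way the legacy branch does; that branch's error handling lies outside this hunk. It would also help to extend the new comment to say that with auto parameters OpenSSL picks the group itself, as far as I know from the strength of the configured certificate key, so the effective DH size is no longer pinned to the 2048-bit group below, for example `// Auto mode: OpenSSL selects the DH group; size follows the certificate key strength.` The guard value `0x10100003L` looks like a 1.1.0 pre-release number rather than the release, which does not quite match the "1.1 and newer" wording. The body of initDH() continues past the end of this hunk.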
@@ -308,6 +312,7 @@ void SslContext::initDH()
SSL_CTX_set_options(_ctx, SSL_OP_SINGLE_DH_USE);
DH_free(dh);
#endif
+#endif
}
void SslContext::initECDH()