NAME
SSL_set_tmp_ecdh,
SSL_CTX_set_tmp_ecdh,
SSL_set_ecdh_auto,
SSL_CTX_set_ecdh_auto,
SSL_set_tmp_ecdh_callback,
SSL_CTX_set_tmp_ecdh_callback —
select a curve for ECDH ephemeral key
exchange
SYNOPSIS
#include
<openssl/ssl.h>
long
SSL_set_tmp_ecdh(SSL *ssl,
EC_KEY *ecdh);
long
SSL_CTX_set_tmp_ecdh(SSL_CTX
*ctx, EC_KEY *ecdh);
long
SSL_set_ecdh_auto(SSL *ssl,
int state);
long
SSL_CTX_set_ecdh_auto(SSL_CTX
*ctx, int state);
void
SSL_set_tmp_ecdh_callback(SSL
*ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int
keylength));
void
SSL_CTX_set_tmp_ecdh_callback(SSL_CTX
*ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int
keylength));
DESCRIPTION
Automatic EC curve selection and generation is always enabled in LibreSSL, and applications cannot manually provide EC keys for use with ECDHE key exchange.The only remaining effect of
SSL_set_tmp_ecdh()
is that the curve of the given ecdh key becomes the
only curve enabled for the ssl connection, so it is
equivalent to calling
SSL_set1_groups_list(3) with the same single curve name.
SSL_CTX_set_tmp_ecdh()
has the same effect on all connections that will be created from
ctx in the future.
The functions
SSL_set_ecdh_auto(),
SSL_CTX_set_ecdh_auto(),
SSL_set_tmp_ecdh_callback(),
and
SSL_CTX_set_tmp_ecdh_callback()
are deprecated and have no effect.
RETURN VALUES
SSL_set_tmp_ecdh() and
SSL_CTX_set_tmp_ecdh() return 1 on success or 0 on
failure.
SSL_set_ecdh_auto(),
SSL_CTX_set_ecdh_auto(),
SSL_set_tmp_ecdh_callback(), and
SSL_CTX_set_tmp_ecdh_callback() always return 1.
SEE ALSO
ssl(3), SSL_CTX_set1_groups(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_options(3), SSL_CTX_set_tmp_dh_callback(3), SSL_new(3)
HISTORY
SSL_set_tmp_ecdh(),
SSL_CTX_set_tmp_ecdh(),
SSL_set_tmp_ecdh_callback(), and
SSL_CTX_set_tmp_ecdh_callback() first appeared in
OpenSSL 0.9.8 and have been available since OpenBSD
4.5.
SSL_CTX_set_ecdh_auto() and
SSL_set_ecdh_auto() first appeared in OpenSSL 1.0.2
and have been available since OpenBSD 5.7.