NAME¶

SSL_set_tmp_ecdh, SSL_CTX_set_tmp_ecdh, SSL_set_ecdh_auto, SSL_CTX_set_ecdh_auto, SSL_set_tmp_ecdh_callback, SSL_CTX_set_tmp_ecdh_callback — select a curve for ECDH ephemeral key exchange

SYNOPSIS¶

#include <openssl/ssl.h>

long
SSL_set_tmp_ecdh(SSL *ssl, EC_KEY *ecdh);

long
SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh);

long
SSL_set_ecdh_auto(SSL *ssl, int state);

long
SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);

void
SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));

void
SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));

DESCRIPTION¶

Automatic EC curve selection and generation is always enabled in LibreSSL, and applications cannot manually provide EC keys for use with ECDH key exchange.

The only remaining effect of SSL_set_tmp_ecdh() is that the curve of the given ecdh key becomes the only curve enabled for the ssl connection, so it is equivalent to calling SSL_set1_groups_list(3) with the same single curve name.

SSL_CTX_set_tmp_ecdh() has the same effect on all connections that will be created from ctx in the future.

The functions SSL_set_ecdh_auto(), SSL_CTX_set_ecdh_auto(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() are deprecated and have no effect.

RETURN VALUES¶

SSL_set_tmp_ecdh() and SSL_CTX_set_tmp_ecdh() return 1 on success or 0 on failure.

SSL_set_ecdh_auto(), SSL_CTX_set_ecdh_auto(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() always return 1.

SEE ALSO¶

ssl(3), SSL_CTX_set1_groups(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_options(3), SSL_CTX_set_tmp_dh_callback(3), SSL_new(3)

HISTORY¶

SSL_set_tmp_ecdh(), SSL_CTX_set_tmp_ecdh(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.

SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() first appeared in OpenSSL 1.0.2 and have been available since OpenBSD 5.7.