diff options
| author |   jsing <jsing@openbsd.org> | 2013-07-16 13:02:16 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2013-07-16 13:02:16 +0000 |
| commit | 1bc1bcd4e2231769ad39bf625c22e01207b8212b (patch) | |
| tree | 4bfa4633ca8ddc86dfcf48259556c83eac47a1eb /usr.sbin/httpd/src/modules/ssl/mod_ssl.c | |
| parent | Define HonorCipherOrder as a FLAG (rather than as a TAKE1), so that it (diff) | |
| download | wireguard-openbsd-1bc1bcd4e2231769ad39bf625c22e01207b8212b.tar.xz wireguard-openbsd-1bc1bcd4e2231769ad39bf625c22e01207b8212b.zip | |
Enable ECDHE support in httpd via a SSLECDHCurve option. This specifies the
named curve to use when generating ephemeral EC keys for an ECDHE-based
cipher suite, or can be set to `none' to disable. The default is to use
a prime256v1 curve.
yay^Wok djm@
Diffstat (limited to 'usr.sbin/httpd/src/modules/ssl/mod_ssl.c')
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/mod_ssl.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/mod_ssl.c b/usr.sbin/httpd/src/modules/ssl/mod_ssl.c index 3a50bda9b8d..01133e25485 100644 --- a/usr.sbin/httpd/src/modules/ssl/mod_ssl.c +++ b/usr.sbin/httpd/src/modules/ssl/mod_ssl.c @@ -74,7 +74,7 @@ * identify the module to SCCS `what' and RCS `ident' commands */ static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >"; -static char const rcsid[] = "$Id: mod_ssl.c,v 1.12 2013/07/16 11:32:05 jsing Exp $"; +static char const rcsid[] = "$Id: mod_ssl.c,v 1.13 2013/07/16 13:02:16 jsing Exp $"; /* * the table of configuration directives we provide @@ -113,6 +113,9 @@ static command_rec ssl_config_cmds[] = { AP_ALL_CMD(CipherSuite, TAKE1, "Colon-delimited list of permitted SSL Ciphers " "(`XXX:...:XXX' - see manual)") + AP_SRV_CMD(ECDHCurve, TAKE1, + "Name of ECDH curve to use for ephemeral EC keys " + "(`curve' - see manual)") AP_SRV_CMD(CertificateFile, TAKE1, "SSL Server Certificate file " "(`/path/to/file' - PEM or DER encoded)") |