NAME

SSL_set_tmp_ecdh, SSL_CTX_set_tmp_ecdh, SSL_set_ecdh_auto, SSL_CTX_set_ecdh_auto, SSL_set_tmp_ecdh_callback, SSL_CTX_set_tmp_ecdh_callback — select a curve for ECDH ephemeral key exchange

SYNOPSIS

#include <openssl/ssl.h>

long
SSL_set_tmp_ecdh(SSL *ssl, EC_KEY *ecdh);

long
SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh);

long
SSL_set_ecdh_auto(SSL *ssl, int state);

long
SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);

void
SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));

void
SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));

DESCRIPTION

Automatic EC curve selection and generation is always enabled in LibreSSL, and applications cannot manually provide EC keys for use with ECDH key exchange.

The only remaining effect of SSL_set_tmp_ecdh() is that the curve of the given ecdh key becomes the only curve enabled for the ssl connection, so it is equivalent to calling SSL_set1_groups_list(3) with the same single curve name.

SSL_CTX_set_tmp_ecdh() has the same effect on all connections that will be created from ctx in the future.

The functions SSL_set_ecdh_auto(), SSL_CTX_set_ecdh_auto(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() are deprecated and have no effect.

RETURN VALUES

SSL_set_tmp_ecdh() and SSL_CTX_set_tmp_ecdh() return 1 on success or 0 on failure.

SSL_set_ecdh_auto(), SSL_CTX_set_ecdh_auto(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() always return 1.

SEE ALSO

ssl(3), SSL_CTX_set1_groups(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_options(3), SSL_CTX_set_tmp_dh_callback(3), SSL_new(3)

HISTORY

SSL_set_tmp_ecdh(), SSL_CTX_set_tmp_ecdh(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.

SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() first appeared in OpenSSL 1.0.2 and have been available since OpenBSD 5.7.