Without an explicit call to SSL_CTX_set_ecdh_auto(reds->ctx, 1), OpenSSL 1.0 would not use ECDH ciphers (this is now automatic with OpenSSL 1.1.0). This commit adds this missing call. It's based on a suggestion from David Jasa Signed-off-by: Christophe Fergeau <cfergeau@xxxxxxxxxx> https://bugzilla.redhat.com/show_bug.cgi?id=1566597 --- server/reds.c | 1 + 1 file changed, 1 insertion(+) diff --git a/server/reds.c b/server/reds.c index 66a221c32..4b2c99196 100644 --- a/server/reds.c +++ b/server/reds.c @@ -2784,6 +2784,7 @@ static int reds_init_ssl(RedsState *reds) } SSL_CTX_set_options(reds->ctx, ssl_options); + SSL_CTX_set_ecdh_auto(reds->ctx, 1); /* Load our keys and certificates*/ return_code = SSL_CTX_use_certificate_chain_file(reds->ctx, reds->config->ssl_parameters.certs_file); -- 2.17.1 _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel