> > Without an explicit call to SSL_CTX_set_ecdh_auto(reds->ctx, 1), OpenSSL > 1.0 would not use ECDH ciphers (this is now automatic with OpenSSL > 1.1.0). This commit adds this missing call. It's based on a suggestion > from David Jasa > > Signed-off-by: Christophe Fergeau <cfergeau@xxxxxxxxxx> > > https://bugzilla.redhat.com/show_bug.cgi?id=1566597 Patch makes sense. Personally I had to dig into the bugs to check which distro version still used OpenSSL 1.0. Would be good to add in the commit message. > --- > server/reds.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/server/reds.c b/server/reds.c > index 66a221c32..4b2c99196 100644 > --- a/server/reds.c > +++ b/server/reds.c > @@ -2784,6 +2784,7 @@ static int reds_init_ssl(RedsState *reds) > } > > SSL_CTX_set_options(reds->ctx, ssl_options); > + SSL_CTX_set_ecdh_auto(reds->ctx, 1); > > /* Load our keys and certificates*/ > return_code = SSL_CTX_use_certificate_chain_file(reds->ctx, > reds->config->ssl_parameters.certs_file); Otherwise, Acked-by: Frediano Ziglio <fziglio@xxxxxxxxxx> Frediano
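Review bot: The added SSL_CTX_set_ecdh_auto(reds->ctx, 1) line in reds_init_ssl() has no comment and its result is discarded, although the commit message says the call only matters on OpenSSL 1.0 and is automatic from 1.1.0. A one-line comment above it (for example "needed for ECDH ciphers on OpenSSL 1.0, automatic since 1.1.0") would keep that context in the source, so a later reader does not remove the call as redundant or wonder why it is there. Wrapping it in an OPENSSL_VERSION_NUMBER check would also make it obvious when the line can be dropped; note that the macro first appeared in OpenSSL 1.0.2, so a guard matters if older 1.0.x releases still need to build. Finally, the very next statement stores the result of SSL_CTX_use_certificate_chain_file() in return_code, so either check this call the same way or state that a failure here is deliberately ignored, since a silent failure would leave the server without ECDH cipher suites with no log entry to explain it.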