SSL_SET_TMP_ECDH(3) Library Functions Manual SSL_SET_TMP_ECDH(3)

SSL_set_tmp_ecdh, SSL_CTX_set_tmp_ecdh, SSL_set_ecdh_auto, SSL_CTX_set_ecdh_auto, SSL_set_tmp_ecdh_callback, SSL_CTX_set_tmp_ecdh_callback - select a curve for ECDH ephemeral key exchange

#include <openssl/ssl.h>

SSL_set_tmp_ecdh(SSL *ssl, EC_KEY *ecdh);

SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh);

SSL_set_ecdh_auto(SSL *ssl, int state);

SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);

SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));

SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));

Automatic EC curve selection and generation is always enabled in LibreSSL, and applications cannot manually provide EC keys for use with ECDH key exchange.

The only remaining effect of SSL_set_tmp_ecdh() is that the curve of the given ecdh key becomes the only curve enabled for the ssl connection, so it is equivalent to calling SSL_set1_groups_list(3) with the same single curve name.

SSL_CTX_set_tmp_ecdh() has the same effect on all connections that will be created from ctx in the future.

The functions SSL_set_ecdh_auto(), SSL_CTX_set_ecdh_auto(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() are deprecated and have no effect.

SSL_set_tmp_ecdh() and SSL_CTX_set_tmp_ecdh() return 1 on success or 0 on failure.

SSL_set_ecdh_auto(), SSL_CTX_set_ecdh_auto(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() always return 1.

ssl(3), SSL_CTX_set1_groups(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_options(3), SSL_CTX_set_tmp_dh_callback(3), SSL_new(3)

SSL_set_tmp_ecdh(), SSL_CTX_set_tmp_ecdh(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.

SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() first appeared in OpenSSL 1.0.2 and have been available since OpenBSD 5.7.

November 30, 2021 OpenBSD-7.3