OpenBSD manual page server

Manual Page Search Parameters

SSL_SET_TMP_ECDH(3) Library Functions Manual SSL_SET_TMP_ECDH(3)

SSL_set_tmp_ecdh, SSL_CTX_set_tmp_ecdh, SSL_set_ecdh_auto, SSL_CTX_set_ecdh_auto, SSL_set_tmp_ecdh_callback, SSL_CTX_set_tmp_ecdh_callbackselect a curve for ECDH ephemeral key exchange

#include <openssl/ssl.h>

long
SSL_set_tmp_ecdh(SSL *ssl, EC_KEY *ecdh);

long
SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh);

long
SSL_set_ecdh_auto(SSL *ssl, int state);

long
SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);

void
SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));

void
SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));

Automatic EC curve selection and generation is always enabled in LibreSSL, and applications cannot manually provide EC keys for use with ECDHE key exchange.

The only remaining effect of () is that the curve of the given ecdh key becomes the only curve enabled for the ssl connection, so it is equivalent to calling SSL_set1_groups_list(3) with the same single curve name.

() has the same effect on all connections that will be created from ctx in the future.

The functions (), (), (), and () are deprecated and have no effect.

SSL_set_tmp_ecdh() and SSL_CTX_set_tmp_ecdh() return 1 on success or 0 on failure.

SSL_set_ecdh_auto(), SSL_CTX_set_ecdh_auto(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() always return 1.

ssl(3), SSL_CTX_set1_groups(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_options(3), SSL_CTX_set_tmp_dh_callback(3), SSL_new(3)

SSL_set_tmp_ecdh(), SSL_CTX_set_tmp_ecdh(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.

SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() first appeared in OpenSSL 1.0.2 and have been available since OpenBSD 5.7.

March 23, 2018 OpenBSD-current