[OpenBSD]

Manual Page Search Parameters

SSL_SET_TMP_ECDH(3) Library Functions Manual SSL_SET_TMP_ECDH(3)

SSL_set_tmp_ecdh, SSL_CTX_set_tmp_ecdh, SSL_set_ecdh_auto, SSL_CTX_set_ecdh_auto, SSL_set_tmp_ecdh_callback, SSL_CTX_set_tmp_ecdh_callback
select a curve for ECDH ephemeral key exchange

#include <openssl/ssl.h>
long
SSL_set_tmp_ecdh(SSL *ssl, EC_KEY *ecdh);
long
SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh);
long
SSL_set_ecdh_auto(SSL *ssl, int state);
long
SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);
void
SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
void
SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));

Automatic EC curve selection and generation is always enabled in LibreSSL, and applications cannot manually provide EC keys for use with ECDHE key exchange.
The only remaining effect of SSL_set_tmp_ecdh() is that the curve of the given ecdh key becomes the only curve enabled for the ssl connection, so it is equivalent to calling SSL_set1_groups_list(3) with the same single curve name.
SSL_CTX_set_tmp_ecdh() has the same effect on all connections that will be created from ctx in the future.
The functions SSL_set_ecdh_auto(), SSL_CTX_set_ecdh_auto(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() are deprecated and have no effect.

SSL_set_tmp_ecdh() and SSL_CTX_set_tmp_ecdh() return 1 on success or 0 on failure.
SSL_set_ecdh_auto(), SSL_CTX_set_ecdh_auto(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() always return 1.

ssl(3), SSL_CTX_set1_groups(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_options(3), SSL_CTX_set_tmp_dh_callback(3), SSL_new(3)

SSL_set_tmp_ecdh(), SSL_CTX_set_tmp_ecdh(), SSL_set_tmp_ecdh_callback(), and SSL_CTX_set_tmp_ecdh_callback() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.
SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() first appeared in OpenSSL 1.0.2 and have been available since OpenBSD 5.7.
March 23, 2018 OpenBSD-current