automatically set SSL_CTX_set_ecdh_auto when available (#575)

commit: 6c6bf865acdd3c5ca5f47b1dbc2903023fd286b6 [log] [tgz]
author: Paul Kehrer <paul.l.kehrer@gmail.com> Mon Dec 19 06:03:48 2016 -0600
committer: Hynek Schlawack <hs@ox.cx> Mon Dec 19 13:03:48 2016 +0100
tree: b6fbeeb2e3782030b4bf4d856a08494bbca9da7c
parent: 63ef9bc5f98261ca9585919b929c13d015fc5d1f [diff]
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 63a0b7e..eb0de10 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py

@@ -475,6 +475,15 @@
         _openssl_assert(context != _ffi.NULL)
         context = _ffi.gc(context, _lib.SSL_CTX_free)
 
+        # If SSL_CTX_set_ecdh_auto is available then set it so the ECDH curve
+        # will be auto-selected. This function was added in 1.0.2 and made a
+        # noop in 1.1.0+ (where it is set automatically).
+        try:
+            res = _lib.SSL_CTX_set_ecdh_auto(context, 1)
+            _openssl_assert(res == 1)
+        except AttributeError:
+            pass
+
         self._context = context
         self._passphrase_helper = None
         self._passphrase_callback = None
commit	6c6bf865acdd3c5ca5f47b1dbc2903023fd286b6	[log] [tgz]
author	Paul Kehrer <paul.l.kehrer@gmail.com>	Mon Dec 19 06:03:48 2016 -0600
committer	Hynek Schlawack <hs@ox.cx>	Mon Dec 19 13:03:48 2016 +0100
tree	b6fbeeb2e3782030b4bf4d856a08494bbca9da7c
parent	63ef9bc5f98261ca9585919b929c13d015fc5d1f [diff]