Expose support for using ecdhe with SSL connections
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index 8da25e2..d960eb3 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -119,6 +119,15 @@
SSL_CB_HANDSHAKE_DONE = _lib.SSL_CB_HANDSHAKE_DONE
+NID_X9_62_prime192v1 = _lib.NID_X9_62_prime192v1
+NID_X9_62_prime192v2 = _lib.NID_X9_62_prime192v2
+NID_X9_62_prime192v3 = _lib.NID_X9_62_prime192v3
+NID_X9_62_prime239v1 = _lib.NID_X9_62_prime239v1
+NID_X9_62_prime239v2 = _lib.NID_X9_62_prime239v2
+NID_X9_62_prime239v3 = _lib.NID_X9_62_prime239v3
+NID_X9_62_prime256v1 = _lib.NID_X9_62_prime256v1
+
+
class Error(Exception):
"""
An error occurred in an `OpenSSL.SSL` API.
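Review bot: The new `NID_X9_62_*` constants have no comment saying what they are for or which one to choose, and the 192- and 239-bit curves offer noticeably less than 128-bit strength. A comment above the block would help, for example `# Named-curve identifiers for set_tmp_ecdh_by_curve_name; prefer NID_X9_62_prime256v1.` The lookups also run unconditionally at import time, while the method added later in this commit guards on `_lib.Cryptography_HAS_EC`. If the binding omits these names on builds without EC support (not visible from this hunk), importing the module would fail, so confirm that or guard the assignments the same way.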
@@ -581,6 +590,26 @@
_lib.SSL_CTX_set_tmp_dh(self._context, dh)
+ def set_tmp_ecdh_by_curve_name(self, curve_name):
+ """
+ Configure this connection to people to use Elliptical Curve
+ Diffie-Hellman key exchanges.
+
+ :param curve_name: One of the named curve constsants.
+ :return: None
+ """
+ if _lib.Cryptography_HAS_EC:
+ ecdh = _lib.EC_KEY_new_by_curve_name(curve_name)
+ if ecdh == _ffi.NULL:
+ raise ValueError(
+ "OpenSSL could not load the requested elliptic curve"
+ )
+ _lib.SSL_CTX_set_tmp_ecdh(self._context, ecdh)
+ _lib.EC_KEY_free(ecdh)
+ else:
+ raise ValueError("OpenSSL is compiled without ECDH support")
+
+
def set_cipher_list(self, cipher_list):
"""
Change the cipher list
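Review bot: The result of `_lib.SSL_CTX_set_tmp_ecdh(self._context, ecdh)` is discarded, so a failure to install the curve leaves the context without ECDHE and the caller is never told. Check it with `if not _lib.SSL_CTX_set_tmp_ecdh(self._context, ecdh):` and raise, and move `_lib.EC_KEY_free(ecdh)` into a `finally:` so the key is released on that path too. On OpenSSL versions where `SSL_OP_SINGLE_ECDH_USE` is not the default, a key set this way may be reused across handshakes, which weakens forward secrecy; the docstring should tell callers to set that option. The docstring also has typos: "to people to use" should read "to use", "Elliptical Curve" should be "Elliptic Curve", and "constsants" should be "constants". The method is complete within the hunk, but its enclosing class starts outside it.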