authorKazuki Yamaguchi <k@rhe.jp>2016-05-08 16:11:41 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-05-08 16:14:45 +0900
commit91986110370ba6d53a67376dda36c7e7efd9494e (patch)
tree4397f27e6fc972ee7fc35e82787548b659a2c8ba
parent023d9d1d1018c03896914f67c9d87846c3ce081b (diff)
downloadplum-91986110370ba6d53a67376dda36c7e7efd9494e.tar.gz
rack/listener: tls: call tmp_ecdh_callback only when needed
OpenSSL::SSL::SSLContext#tmp_ecdh_callback will be removed, and OpenSSL::SSL::SSLContext#set_ecdh_curves will probably be added. With OpenSSL 1.0.2 or 1.1.0 (which is required), there are 'default supported curves', so we don't need to set the curve to use explicitly.
-rw-r--r--lib/plum/rack/listener.rb4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/plum/rack/listener.rb b/lib/plum/rack/listener.rb
index ac60310..5a9fe27 100644
--- a/lib/plum/rack/listener.rb
+++ b/lib/plum/rack/listener.rb
@@ -63,7 +63,9 @@ module Plum
ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :TLSv1_2
ctx.alpn_select_cb = -> (protocols) { protocols.include?("h2") ? "h2" : protocols.first }
- ctx.tmp_ecdh_callback = -> (sock, ise, keyl) { OpenSSL::PKey::EC.new("prime256v1") }
+ if ctx.respond_to?(:tmp_ecdh_callback) && !ctx.respond_to?(:set_ecdh_curves)
+ ctx.tmp_ecdh_callback = -> (sock, ise, keyl) { OpenSSL::PKey::EC.new("prime256v1") }
+ end
*ctx.extra_chain_cert, ctx.cert = parse_chained_cert(cert)
ctx.key = OpenSSL::PKey::RSA.new(key)
ctx.servername_cb = proc { |sock, hostname|
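Review bot: When `ctx.respond_to?(:set_ecdh_curves)` is true, the new guard skips all ECDH setup, so ECDHE availability then depends entirely on the library's default curve handling. As far as I know, automatic curve selection on OpenSSL 1.0.2 is opt-in at the C level, so this only holds if the Ruby binding enables it; that is not visible from this hunk. HTTP/2 clients generally refuse non-ephemeral TLS 1.2 key exchange, so a regression would surface as failed `h2` handshakes rather than as an error here. I would record the assumption above the `if`, for example `# OpenSSL >= 1.0.2 selects a curve from its default list; only the legacy callback API needs prime256v1 set explicitly`, and add a handshake test asserting that an ECDHE suite is still negotiated. The enclosing method starts and ends outside the hunk.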