Diffstat (limited to 'ext/openssl/ossl_ssl.c')
-rw-r--r--ext/openssl/ossl_ssl.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 0e68bd869b..7cbb2f474f 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -270,7 +270,7 @@ ossl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
}
#endif /* OPENSSL_NO_DH */
-#if defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
+#if defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK) && !defined(HAVE_SSL_CTX_SET1_CURVES_LIST)
static EC_KEY *
ossl_tmp_ecdh_callback(SSL *ssl, int is_export, int keylength)
{
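Review bot: With the added `!defined(HAVE_SSL_CTX_SET1_CURVES_LIST)` condition here and on the registration in ossl_sslctx_setup (second hunk), ossl_tmp_ecdh_callback is compiled out on every build that has SSL_CTX_set1_curves_list, and nothing in the diff tells a caller who relied on it. The function body lies outside this hunk; if it dispatches to an application-supplied handler, that handler silently stops running and the curve it chose no longer governs the key exchange. I would document this at the guard, for example `/* not used when SSL_CTX_set1_curves_list() exists: curves come from the curves list instead */`, and consider warning or raising in ossl_sslctx_setup when a handler is set but cannot be honoured.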
@@ -696,7 +696,7 @@ ossl_sslctx_setup(VALUE self)
SSL_CTX_set_tmp_dh_callback(ctx, ossl_tmp_dh_callback);
#endif
-#if defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
+#if defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK) && !defined(HAVE_SSL_CTX_SET1_CURVES_LIST)
SSL_CTX_set_tmp_ecdh_callback(ctx, ossl_tmp_ecdh_callback);
#endif
@@ -1012,9 +1012,14 @@ ossl_sslctx_set_elliptic_curves(VALUE self, VALUE str)
if (!ctx)
ossl_raise(eSSLError, "SSL_CTX is not initialized.");
-#if defined(HAVE_SSL_CTX_SET1_CURVES_LIST) /* OpenSSL 1.0.2- */
+#if defined(HAVE_SSL_CTX_SET1_CURVES_LIST)
if (!SSL_CTX_set1_curves_list(ctx, cstr))
ossl_raise(eSSLError, "SSL_CTX_set1_curves_list");
+#if defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
+ /* always enabled in 1.1.0, needed only in 1.0.2 */
+ if (!SSL_CTX_set_ecdh_auto(ctx, 1))
+ ossl_raise(eSSLError, "SSL_CTX_set_ecdh_auto");
+#endif
#else
if (strstr(cstr, ":"))
ossl_raise(eSSLError, "only one curve can be specified");
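Review bot: `SSL_CTX_set_ecdh_auto(ctx, 1)` is reached only when this setter is called, while the second hunk drops the `SSL_CTX_set_tmp_ecdh_callback` registration from ossl_sslctx_setup on the same builds. On OpenSSL 1.0.2 a server context needs one of the two to negotiate ECDHE, so a context that never sets curves would presumably fall back to non-ECDHE key exchange, unless a default outside this diff invokes the setter. Enabling it during setup would cover that case: `#if defined(HAVE_SSL_CTX_SET_ECDH_AUTO)` / `SSL_CTX_set_ecdh_auto(ctx, 1);` / `#endif`. The `#else` branch of this function continues past the end of the hunk.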