From 21e1fb680762f421e05fab036f8138b2276f5037 Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Wed, 8 Jul 2015 13:39:32 -0400
Subject: [PATCH] support elliptic curve key exchange for DTLS-SRTP

fixes #130
---
 daemon/dtls.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/daemon/dtls.c b/daemon/dtls.c
index 3e25bd09b..5152915f6 100644
--- a/daemon/dtls.c
+++ b/daemon/dtls.c
@@ -520,6 +520,13 @@ int dtls_connection_init(struct packet_stream *ps, int active, struct dtls_cert
 SSL_set_bio(d->ssl, d->r_bio, d->w_bio);
 SSL_set_mode(d->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 
+ EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ if (ecdh == NULL)
+ goto error;
+ SSL_set_options(d->ssl, SSL_OP_SINGLE_ECDH_USE);
+ SSL_set_tmp_ecdh(d->ssl, ecdh);
+ EC_KEY_free(ecdh);
+
 d->init = 1;
 d->active = active ? -1 : 0;
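Review bot: The return value of `SSL_set_tmp_ecdh(d->ssl, ecdh)` is ignored, so if installing the P-256 parameters fails the code still reaches `d->init = 1` and the connection is set up without the ECDHE key exchange this change is meant to provide. I would check it and take the existing failure path: `if (SSL_set_tmp_ecdh(d->ssl, ecdh) != 1) { EC_KEY_free(ecdh); goto error; }`. The `error:` label and the rest of dtls_connection_init are outside the hunk, so it is worth confirming that this path releases `d->ssl` and the BIOs attached just above. The curve is also fixed to `NID_X9_62_prime256v1` with no explanation; a one-line comment such as `/* ECDHE offered on P-256 only; fresh ephemeral key per handshake */` above the block would record that this is deliberate.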