From 27ea6b1381ff49ada56b3f7766b5b1399f18cdc1 Mon Sep 17 00:00:00 2001
From: S-P Chan
Date: Thu, 12 Dec 2024 08:00:23 +0800
Subject: [PATCH] MT#55283 DTLS groups: align with OpenSSL 1.1.1 and common EC groups closes #1884
Change-Id: Ia2154044d2c0504b6b1a31b17629087d250a40b9
---
 daemon/dtls.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/daemon/dtls.c b/daemon/dtls.c
index 26436070d..d757514ed 100644
--- a/daemon/dtls.c
+++ b/daemon/dtls.c
@@ -714,10 +714,12 @@ int dtls_connection_init(struct dtls_connection *d, struct packet_stream *ps, in
 d->init = 1;
 SSL_set_mode(d->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- int ec_groups[1] = { NID_X9_62_prime256v1 };
- SSL_set1_groups(d->ssl, &ec_groups, G_N_ELEMENTS(ec_groups));
-#else // <3.0
+
+ /* SSL_set1_groups_list et al. is not
+ * necessary for OpenSSL >= 1.1.1 as it has sensible defaults
+ * minimally P-521:P-384:P-256
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
 EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
 if (ecdh == NULL) goto error;
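Review bot: The comment added before the `#if` does not say that, with the explicit `SSL_set1_groups()` call gone, the key-exchange groups on OpenSSL >= 1.1.1 are no longer pinned by this code and come from the linked library and, possibly, its system configuration. The wording "minimally P-521:P-384:P-256" is also easy to read as the full default list; as far as I know the 1.1.1 built-in defaults additionally include X25519 and X448, so a handshake may now settle on a group other than P-256, which the removed 3.0 branch did not allow. I would reword it along the lines of `/* OpenSSL >= 1.1.1: use the library's default group list (includes at least P-256/P-384/P-521); it is not pinned here and may differ per build or openssl.cnf */`. The new guard `OPENSSL_VERSION_NUMBER < 0x10101000L` is worth checking against any supported TLS library that reports a 2.x version number, since such a build previously took the legacy `EC_KEY` branch and now skips it. The rest of `dtls_connection_init` and the matching `#endif` lie outside this hunk.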