Remove SSL_CTX_set_tmp_ecdh call
This now has the undesired effect of making a client only support this
curve for ECDHE. This used to be needed to allow a server to handshake
with ECDHE, but is now unnecessary for BoringSSL. The client doesn't
want this call and the server no longer needs this call, so delete it.
(cherry picked from commit 1ba6bcf113085c493ccd4574ed685cd0efad4aeb)
Test: mmma -j32 external/conscrypt && make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
Bug: 31393711
Change-Id: Ib7afdcc3ea7ee3d2222a262f3c57abd065a4b4e1
diff --git a/src/main/native/org_conscrypt_NativeCrypto.cpp b/src/main/native/org_conscrypt_NativeCrypto.cpp
index 9af0cda..bd26fd5 100644
--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp
@@ -8113,14 +8113,6 @@
SSL_CTX_set_tmp_rsa_callback(sslCtx.get(), tmp_rsa_callback);
SSL_CTX_set_tmp_dh_callback(sslCtx.get(), tmp_dh_callback);
- // If negotiating ECDH, use P-256.
- Unique_EC_KEY ec(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- if (ec.get() == nullptr) {
- throwExceptionIfNecessary(env, "EC_KEY_new_by_curve_name");
- return 0;
- }
- SSL_CTX_set_tmp_ecdh(sslCtx.get(), ec.get());
-
JNI_TRACE("NativeCrypto_SSL_CTX_new => %p", sslCtx.get());
return (jlong) sslCtx.release();
}
