Use SSL_CTX_set_tmp_ecdh instead of SSL_CTX_set_tmp_ecdh_callback.
Conscrypt is the only consumer of SSL_CTX_set_tmp_ecdh_callback for BoringSSL.
The callback variant is also bizarre. The key length parameter is legacy and
pointless. When used with SSL_OP_SINGLE_ECDH (which BoringSSL always enables),
there's no point in configuring the callback over a static group. The callback
also does not participate in supported_curves negotiation.
1 file changed