Remove support for SSL_{CTX_}set_tmp_ecdh_callback().

This only gets used to set a specific curve without actually checking that the peer supports it or not and can therefor result in handshake failures that can be avoided by selecting a different cipher. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
author: Kurt Roeckx <kurt@roeckx.be> 2015-12-04 22:22:31 +0100
committer: Kurt Roeckx <kurt@roeckx.be> 2015-12-04 22:22:31 +0100
commit: 6f78b9e824c053d062188578635c575017b587c5 (patch)
tree: 384ac167954740453837f37e9ad0cbadcb5888b7 /CHANGES
parent: ad3819c29ed91ee31ebc806939e6104970694811 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 55362fe00f..b365cb0ad1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -13,6 +13,10 @@
      pages. This work was developed in partnership with Intel Corp.
      [Matt Caswell]
 
+  *) Remove support for SSL_{CTX_}set_tmp_ecdh_callback().  You should set the
+     curve you want to support using SSL_{CTX_}set1_curves().
+     [Kurt Roeckx]
+
   *) State machine rewrite. The state machine code has been significantly
      refactored in order to remove much duplication of code and solve issues
      with the old code (see ssl/statem/README for further details). This change
author	Kurt Roeckx <kurt@roeckx.be>	2015-12-04 22:22:31 +0100
committer	Kurt Roeckx <kurt@roeckx.be>	2015-12-04 22:22:31 +0100
commit	6f78b9e824c053d062188578635c575017b587c5 (patch)
tree	384ac167954740453837f37e9ad0cbadcb5888b7 /CHANGES
parent	ad3819c29ed91ee31ebc806939e6104970694811 (diff)