From a3b6d58df43a256193b6bcdb4fe718d6f7a61ef5 Mon Sep 17 00:00:00 2001
From: Daniel Roethlisberger
Date: Fri, 11 May 2012 18:03:07 +0200
Subject: [PATCH] State why ECDH is disabled with OpenSSL < 1.0.0e
---
 ssl.h | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ssl.h b/ssl.h
index 1fdd741..d86149e 100644
--- a/ssl.h
+++ b/ssl.h
@@ -38,6 +38,11 @@
 #include
 #include
+/*
+ * ECDH is disabled when building against OpenSSL < 1.0.0e due to issues with
+ * thread-safety and security in server mode ephemereal ECDH cipher suites.
+ * http://www.openssl.org/news/secadv_20110906.txt
+ */
 #if (OPENSSL_VERSION_NUMBER < 0x10000000L) && !defined(OPENSSL_NO_THREADID)
 #define OPENSSL_NO_THREADID
 #endif
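Review bot: The new comment sits directly above the `OPENSSL_NO_THREADID` guard, whose test is `OPENSSL_VERSION_NUMBER < 0x10000000L`, so as placed it reads as if it explained that block rather than the ECDH one. The guard that actually disables ECDH is not in this hunk (presumably further down in ssl.h); the comment belongs immediately above that guard, or should at least name the macro and version constant it refers to. The wording also has a typo, which should read `ephemeral ECDH cipher suites`. It would help to state the scope of the check as well, e.g. `This is a compile-time check against the OpenSSL headers; it does not detect an older libssl loaded at run time.` Confirm that sentence against how the project links OpenSSL before adding it.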