Added OpenSSL server side EDHCE cipher support

CHANGES

@@ -47,6 +47,9 @@ new features:
 	Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
 	Tests: OPENSSL_METHOD_*
 
+	Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
+	by Andrey Arapov.
+
 	Added a new option termios-rawer for ptys.
 	Thanks to Christian Vogelgsang for pointing me to this requirement
 
@@ -118,15 +121,15 @@ porting:
 	Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
 	on Illumos
 
+	Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
+	_POSIX_PTHREAD_SEMANTICS; and minor changes
+
 	Red Hat issue 1182005: socat 1.7.2.4 build failure missing
 	linux/errqueue.h
 	Socat failed to compile on on PPC due to new requirements for
 	including <linux/errqueue.h> and a weakness in the conditional code.
 	Thanks to Michel Normand for reporting this issue.
 
-	Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
-	_POSIX_PTHREAD_SEMANTICS; and minor changes
-
 doc:
 	In the man page the PTY example was badly formatted. Thanks to
 	J.F.Sebastian for sending a patch.

xio-openssl.c

@@ -960,6 +960,28 @@ int
       }
    }
 
+   {
+      /* see http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-td42229.html */
+      int	 nid;
+      EC_KEY *ecdh;
+
+#if 0
+      nid = OBJ_sn2nid(ECDHE_CURVE);
+      if (nid == NID_undef) {
+	 Error("openssl: failed to set ECDHE parameters");
+	 return -1;
+      }
+#endif
+      nid = NID_X9_62_prime256v1;
+      ecdh = EC_KEY_new_by_curve_name(nid);
+      if (NULL == ecdh) {
+	 Error("openssl: failed to set ECDHE parameters");
+	 return -1;
+      }
+
+      SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
+   }
+
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
    if (opt_compress) {
       int result;