Add Perfect Forward Secrecy (DHE PFS) to mod_sofia

Ephemeral ECDH (ECDHE) was supported already. This patch adds Ephemeral
DH (DHE). To enable it, add DH parameters into the private-key file of
your server (agent.pem). For example via:
openssl dhparam -out dh.pem 2048

FS-7561 #resolve

conf/vanilla/vars.xml

@@ -413,8 +413,6 @@
      openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
 
      Will show you what is available in your verion of openssl.
-     Freeswitch does not support non-Elliptic Curve Diffie Hellman key 
-     exchange.  
   -->
   <X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/>
   

libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c

@@ -381,6 +381,27 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
 #if require_client_certificate
     errno = EIO;
     return -1;
+#endif
+#ifndef OPENSSL_NO_DH
+  } else {
+    BIO *bio = BIO_new_file(ti->key, "r");
+    if (bio != NULL) {
+      DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+      if (dh != NULL) {
+        if (!SSL_CTX_set_tmp_dh(tls->ctx, dh)) {
+          SU_DEBUG_1(("%s: invalid DH parameters (PFS) because %s: %s\n",
+                      "tls_init_context",
+                      ERR_reason_error_string(ERR_get_error()),
+                      ti->key));
+        } else {
+          long options = SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_DH_USE;
+          options = SSL_CTX_set_options(tls->ctx, options);
+          SU_DEBUG_3(("%s\n", "tls: initialized DHE"));
+        }
+        DH_free(dh);
+      }
+      BIO_free(bio);
+    }
 #endif
   }