From 8e1b2eab7b162c02eb5fc8e4b30aab659a69e18f Mon Sep 17 00:00:00 2001 From: Michael Jerris Date: Fri, 24 Jul 2015 15:21:49 -0500 Subject: [PATCH] FS-7839: attempt to work with new EC dtls requirements for firefox >38 --- src/switch_rtp.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/switch_rtp.c b/src/switch_rtp.c index 3da9b91f24..9e427dc821 100644 --- a/src/switch_rtp.c +++ b/src/switch_rtp.c @@ -3187,6 +3187,7 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d const char *kind = ""; BIO *bio; DH *dh; + EC_KEY* ecdh; #ifndef HAVE_OPENSSL_DTLS_SRTP return SWITCH_STATUS_FALSE; @@ -3293,6 +3294,15 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d SSL_set_mode(dtls->ssl, SSL_MODE_AUTO_RETRY); SSL_set_read_ahead(dtls->ssl, 1); //SSL_set_verify(dtls->ssl, (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), cb_verify_peer); + + ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + if (!ecdh) { + return SWITCH_STATUS_FALSE; + } + SSL_set_options(dtls->ssl, SSL_OP_SINGLE_ECDH_USE); + SSL_set_tmp_ecdh(dtls->ssl, ecdh); + EC_KEY_free(ecdh); + SSL_set_verify(dtls->ssl, SSL_VERIFY_NONE, NULL); SSL_set_app_data(dtls->ssl, dtls);
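Review bot: The result of `SSL_set_tmp_ecdh(dtls->ssl, ecdh)` is ignored in the second hunk, so if OpenSSL rejects the key the session carries on without ECDHE parameters and an EC-only peer fails later in the handshake with nothing logged about the cause. Check it, e.g. `if (SSL_set_tmp_ecdh(dtls->ssl, ecdh) != 1) { EC_KEY_free(ecdh); return SWITCH_STATUS_FALSE; }`. The new `return SWITCH_STATUS_FALSE;` after a failed `EC_KEY_new_by_curve_name()` exits once `dtls->ssl` has already been configured. The rest of switch_rtp_add_dtls lies outside the hunk, so confirm how its other error paths release what was built so far, and have this exit follow the same path and log the failure. The `EC_KEY* ecdh;` declaration in the first hunk and this block are both compiled unconditionally, so a build against an OpenSSL configured without EC support would presumably break; wrapping both in `#ifndef OPENSSL_NO_EC` would keep that configuration working.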