From b9b1b61d20e801983e60fd470d2b257d392c825d Mon Sep 17 00:00:00 2001
From: Eric Tamme
Date: Fri, 24 Apr 2015 10:31:03 -0500
Subject: [PATCH] FS-7425: set dh params and call set_tmp_dh to enable PFS for DTLS-SRTP

---
 src/switch_rtp.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/switch_rtp.c b/src/switch_rtp.c
index 2d2525c3e7..a3f2e2e95c 100644
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -3075,6 +3075,8 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
 	switch_dtls_t *dtls;
 	int ret;
 	const char *kind = "";
+	BIO *bio;
+	DH *dh;
 
 #ifndef HAVE_OPENSSL_DTLS_SRTP
 	return SWITCH_STATUS_FALSE;
@@ -3122,6 +3124,12 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
 	dtls->ssl_ctx = SSL_CTX_new(DTLSv1_method());
 	switch_assert(dtls->ssl_ctx);
 
+	bio = BIO_new_file(dtls->pem, "r");
+	dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+	BIO_free(bio);
+	SSL_CTX_set_tmp_dh(dtls->ssl_ctx, dh);
+	DH_free(dh);
+
 	SSL_CTX_set_mode(dtls->ssl_ctx, SSL_MODE_AUTO_RETRY);
 
 	//SSL_CTX_set_verify(dtls->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
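Review bot: The five new lines after `switch_assert(dtls->ssl_ctx);` in the second hunk never check their results — `BIO_new_file` returns NULL when `dtls->pem` cannot be opened, `PEM_read_bio_DHparams` returns NULL when the file carries no DH PARAMETERS block, and `SSL_CTX_set_tmp_dh` then fails and returns 0 — so a misconfigured PEM silently leaves the context without DH parameters and the DTLS-SRTP session proceeds without the forward secrecy this commit sets out to enable. Each failure should be logged and turned into an error return so the loss of PFS is visible rather than silent; the function's own cleanup for a half-built `dtls` lies outside the hunk, so if it already frees `ssl_ctx` on failure the `SSL_CTX_free` below should be dropped. Two smaller points worth a comment next to the call: the strength of the exchange depends entirely on the size of the parameters stored in `dtls->pem` (1024-bit DH groups are no longer considered adequate), and on the OpenSSL releases of this era a fresh DH key per handshake also requires `SSL_CTX_set_options(dtls->ssl_ctx, SSL_OP_SINGLE_DH_USE);`, without which the same DH private key is reused across connections.
```c
	bio = BIO_new_file(dtls->pem, "r");
	dh = bio ? PEM_read_bio_DHparams(bio, NULL, NULL, NULL) : NULL;
	BIO_free(bio);
	/* A missing/unreadable PEM or one without DH PARAMETERS must not
	 * silently downgrade the session to a non-PFS key exchange. */
	if (!dh || !SSL_CTX_set_tmp_dh(dtls->ssl_ctx, dh)) {
		/* TODO(review): log which step failed for dtls->pem */
		DH_free(dh);
		SSL_CTX_free(dtls->ssl_ctx);
		dtls->ssl_ctx = NULL;
		return SWITCH_STATUS_FALSE;
	}
	DH_free(dh);
	/* … unchanged: SSL_CTX_set_mode and the verify setup that follow … */
```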