From 779286be3779f5d2f159cda12a75015c3e07a3af Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <postfix-users@dukhovni.org>
Date: Sun, 29 May 2016 13:30:14 -0400
Subject: [PATCH] Disable reuse of ECDH ephemeral keys

---
 postfix/src/tls/tls_misc.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c
index 0407b3c79..e8b6d7cf1 100644
--- a/postfix/src/tls/tls_misc.c
+++ b/postfix/src/tls/tls_misc.c
@@ -381,6 +381,18 @@ static const LONG_NAME_MASK ssl_op_tweaks[] = {
     0, 0,
 };
 
+ /*
+  * Once these have been a NOOP long enough, they might some day be removed
+  * from OpenSSL.  The defines below will avoid bitrot issues if/when that
+  * happens.
+  */
+#ifndef SSL_OP_SINGLE_DH_USE
+#define SSL_OP_SINGLE_DH_USE 0
+#endif
+#ifndef SSL_OP_SINGLE_ECDH_USE
+#define SSL_OP_SINGLE_ECDH_USE 0
+#endif
+
  /*
   * Ciphersuite name <=> code conversion.
   */
@@ -1059,6 +1071,14 @@ long    tls_bug_bits(void)
 	enable &= ~(SSL_OP_ALL | TLS_SSL_OP_MANAGED_BITS);
 	bits |= enable;
     }
+
+    /*
+     * We unconditionally avoid re-use of ephemeral keys, note that we set DH
+     * keys via a callback, so reuse was never possible, but the ECDH key is
+     * set statically, so that is potentially subject to reuse.  Set both
+     * options just in case.
+     */
+    bits |= SSL_OP_SINGLE_ECDH_USE | SSL_OP_SINGLE_DH_USE;
     return (bits);
 }
 
-- 
2.47.3