From 3aebabce3d0ebb992af8bf21abfc0c5e44128a3a Mon Sep 17 00:00:00 2001
From: Nik Bougalis
Date: Fri, 12 Jun 2015 11:44:46 -0700
Subject: [PATCH] Revert "Enable EDH only for anonymous SSL contexts":

The issue was caused by client-side functionality added to IE to protect against LOGJAM. By properly supporting larger keys we no longer need to disable Ephemeral DH.

This reverts commit 3028ffd08361ce047c85de7f2c8f2d31fabf00a7.
---
 src/ripple/basics/impl/make_SSLContext.cpp | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/src/ripple/basics/impl/make_SSLContext.cpp b/src/ripple/basics/impl/make_SSLContext.cpp
index 4e2f517d36..450dc661bb 100644
--- a/src/ripple/basics/impl/make_SSLContext.cpp
+++ b/src/ripple/basics/impl/make_SSLContext.cpp
@@ -284,7 +284,7 @@ error_message (std::string const& what,
 
 static
 void
-initCommon (boost::asio::ssl::context& context, bool anonymous)
+initCommon (boost::asio::ssl::context& context)
 {
     context.set_options (
         boost::asio::ssl::context::default_workarounds |
@@ -292,14 +292,9 @@ initCommon (boost::asio::ssl::context& context, bool anonymous)
         boost::asio::ssl::context::no_sslv3 |
         boost::asio::ssl::context::single_dh_use);
 
-    if (anonymous)
-    {
-        // EDH breaks compatibility with some versions of IE
-        // So we do not enable EDH except for the anonymous context
-        SSL_CTX_set_tmp_dh_callback (
-            context.native_handle (),
-            tmp_dh_handler);
-    }
+    SSL_CTX_set_tmp_dh_callback (
+        context.native_handle (),
+        tmp_dh_handler);
 
     SSL_CTX_set_info_callback (
         context.native_handle (),
@@ -311,7 +306,7 @@ void initAnonymous (
     boost::asio::ssl::context& context, std::string const& cipherList)
 {
-    initCommon(context, true);
+    initCommon(context);
     int const result = SSL_CTX_set_cipher_list (
         context.native_handle (),
         cipherList.c_str ());
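Review bot: With the `if (anonymous)` guard removed, `SSL_CTX_set_tmp_dh_callback` now arms ephemeral DH for the authenticated context too, but nothing at the call site records the size constraint this revert depends on: the commit message attributes the earlier breakage to IE's LOGJAM mitigation, so presumably `tmp_dh_handler` (defined outside this hunk) must hand back a group of at least 1024 bits — 2048 is the usual recommendation — or those clients will fail the DHE handshake again. The deleted comment was the only place that history lived, so I would replace it rather than drop it, e.g. `// Ephemeral DH for every context. tmp_dh_handler must supply a` / `// >= 1024-bit group (2048 recommended): LOGJAM-hardened clients` / `// such as patched IE reject smaller ones, which the old guard worked around.` It is also worth confirming that `tmp_dh_handler` treats its `keylength` argument the same way for both cipher-list configurations, since the callback is now reached from `initAnonymous` and `initAuthenticated` alike; `single_dh_use` stays set on the line above, so per-handshake key reuse is already covered. `initCommon` begins and ends outside this hunk.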
@@ -337,7 +332,7 @@ void initAuthenticated (boost::asio::ssl::context& context, std::string key_file, std::string cert_file, std::string chain_file)
 {
-    initCommon (context, false);
+    initCommon (context);
 
     SSL_CTX* const ssl = context.native_handle ();