From 74ad0a99cbfdfaf0e2b644ffcdbd84364cc83a99 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri, 1 May 2026 19:12:22 +0000
Subject: [PATCH] Use default DH params. Fixes #290

---
 ncat/ncat_ssl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ncat/ncat_ssl.c b/ncat/ncat_ssl.c
index c24f3c8b5..b48f6675a 100644
--- a/ncat/ncat_ssl.c
+++ b/ncat/ncat_ssl.c
@@ -141,6 +141,9 @@ SSL_CTX *setup_ssl_listen(const SSL_METHOD *method)
         bye("SSL_CTX_new(): %s.", ERR_error_string(ERR_get_error(), NULL));
 
     SSL_CTX_set_options(sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
+#ifdef SSL_CTX_set_dh_auto
+    SSL_CTX_set_dh_auto(sslctx, 1);
+#endif
 
     /* Secure ciphers list taken from Nsock. */
     if (o.sslciphers == NULL) {