How to get "EVP_PKEY *dhpkey" from NID_X9_62_prime256v1.

Matt Caswell matt at
Fri Aug 27 08:00:41 UTC 2021

On 27/08/2021 08:47, Kumar Mishra, Sanjeev wrote:
> Hi All,
> I am upgrading the code from OpenSSL 1.0.1 to OpenSSL 3.0.
> I am getting compilation errors for deprecated functions and structure 
> like "EC_KEY_new_by_curve_name()" , "SSL_CTX_set_tmp_ecdh()" and 
> "EC_KEY"......etc.
> The code is like follows --
> -------
> -------
> EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
> SSL_CTX_set_tmp_ecdh(mrmIcbPtr -> sslServerCtx, ecdh);
> .........
> .........

The SSL_CTX_set_tmp_ecdh man page says this:

"SSL_CTX_set_tmp_ecdh() sets ECDH parameters to be used to be B<ecdh>.
The key is inherited by all B<ssl> objects created from B<ctx>.
This macro is deprecated in favor of L<SSL_CTX_set1_groups(3)>."

So call SSL_CTX_set1_groups() instead:

Actually, even easier you can call SSL_CTX_set1_groups_list() 
(documented on the same man page), which means you can just set the 
group via a string:

SSL_CTX_set1_groups_list(mrmIcbPtr -> sslServerCtx, "P-256");

Where "P-256" is the string name associated with NID_X9_62_prime256v1.

Or your final alternative is to not doing anything at all, and simply 
remove this code. In 3.0 you can specify multiple groups and they have 
sensible defaults that are already set for you (which include X25519 and 


More information about the openssl-users mailing list