From 79cdf65a72182befdf94f4524b2dc17f25b40309 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 18 Jul 2018 15:07:22 -0400
Subject: [PATCH] Fix SLES sockapi

Previous fix was applied to the incorrect section of code
---
 confluent_server/confluent/sockapi.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/confluent_server/confluent/sockapi.py b/confluent_server/confluent/sockapi.py
index adb44cf1..db6d5864 100644
--- a/confluent_server/confluent/sockapi.py
+++ b/confluent_server/confluent/sockapi.py
@@ -338,6 +338,7 @@ def _tlsstartup(cnn):
         ctx.set_cipher_list(
             'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:'
             'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384')
+        ctx.set_tmp_ecdh(crypto.get_elliptic_curve('secp384r1'))
         ctx.use_certificate_file('/etc/confluent/srvcert.pem')
         ctx.use_privatekey_file('/etc/confluent/privkey.pem')
         ctx.set_verify(libssln.VERIFY_PEER, lambda *args: True)
@@ -357,7 +358,6 @@ def _tlsstartup(cnn):
             ctx.set_ciphers(
                 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:'
                 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384')
-            ctx.set_tmp_ecdh(crypto.get_elliptic_curve('secp384r1'))
             ctx.load_cert_chain('/etc/confluent/srvcert.pem',
                                 '/etc/confluent/privkey.pem')
             cnn = ctx.wrap_socket(cnn, server_side=True)