--- a/res/res_rtp_asterisk.c	2015-08-28 11:05:29.837276448 -0400
+++ b/res/res_rtp_asterisk.c	2015-08-28 10:57:35.789237645 -0400
@@ -1270,6 +1270,23 @@
 
 	SSL_CTX_set_read_ahead(rtp->ssl_ctx, 1);
 
+	#ifndef SSL_CTRL_SET_ECDH_AUTO
+		#define SSL_CTRL_SET_ECDH_AUTO 94
+	#endif
+	/* SSL_CTX_set_ecdh_auto(rtp->ssl_ctx, on); requires OpenSSL 1.0.2 which wraps: */
+	if (SSL_CTX_ctrl(rtp->ssl_ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL)) {
+		ast_verb(2, "TLS/SSL ECDH initialized (automatic), faster PFS ciphers enabled\n");
+	} else {
+		/* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */
+		EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+		if (ecdh != NULL) {
+			if (SSL_CTX_set_tmp_ecdh(rtp->ssl_ctx, ecdh)) {
+				ast_verb(2, "TLS/SSL ECDH initialized (secp256r1), faster PFS cipher-suites enabled\n");
+			}
+			EC_KEY_free(ecdh);
+		}
+	}
+
 	rtp->dtls_verify = dtls_cfg->verify;
 
 	SSL_CTX_set_verify(rtp->ssl_ctx, (rtp->dtls_verify & AST_RTP_DTLS_VERIFY_FINGERPRINT) || (rtp->dtls_verify & AST_RTP_DTLS_VERIFY_CERTIFICATE) ?