diff --git a/changelog b/changelog
index 91e1e4be..db8fce70 100644
--- a/changelog
+++ b/changelog
@@ -1,6 +1,14 @@
 Changelog
 ---------
 
+User API additions
+------------------
+
+1) There's a new member in struct lws_context_creation_info, ecdh_curve,
+which lets you set the name of the ECDH curve OpenSSL should use.  By
+default (if you leave ecdh_curve NULL) it will use "prime256v1"
+
+
 v1.7.0
 ======
 
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 7db50aa5..6175a3d2 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -1319,6 +1319,7 @@ extern int lws_extension_callback_pm_deflate(
  *		library are protected from hanging forever by timeouts.  If
  *		nonzero, this member lets you set the timeout used in seconds.
  *		Otherwise a default timeout is used.
+ * @ecdh_curve: if NULL, defaults to initializing server with "prime256v1"
  */
 
 struct lws_context_creation_info {
@@ -1353,6 +1354,7 @@ struct lws_context_creation_info {
 	unsigned int count_threads;
 	unsigned int fd_limit_per_thread;
 	unsigned int timeout_secs;
+	const char *ecdh_curve;
 
 	/* Add new things just above here ---^
 	 * This is part of the ABI, don't needlessly break compatibility
diff --git a/lib/ssl.c b/lib/ssl.c
index ac3ad2e8..719f4bf9 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -144,6 +144,9 @@ lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info,
 	int ecdh_nid;
 	const char *ecdh_curve = "prime256v1";
 
+	if (info->ecdh_curve)
+		ecdh_curve = info->ecdh_curve;
+
 	ecdh_nid = OBJ_sn2nid(ecdh_curve);
 	if (NID_undef == ecdh_nid) {
 		lwsl_err("SSL: Unknown curve name '%s'", ecdh_curve);