diff --git a/config.mk b/config.mk
index 08e37f1c..2878b77a 100644
--- a/config.mk
+++ b/config.mk
@@ -70,6 +70,9 @@ WITH_PYTHON:=yes
 # Build with SRV lookup support.
 WITH_SRV:=yes
 
+# Use elliptic keys in broker
+WITH_EC:=yes
+
 # =============================================================================
 # End of user configuration
 # =============================================================================
@@ -211,6 +214,9 @@ ifeq ($(UNAME),SunOS)
 LIB_LIBS:=$(LIB_LIBS) -lsocket -lnsl
 endif
 
+ifeq ($(WITH_EC),yes)
+ BROKER_CFLAGS:=$(BROKER_CFLAGS) -DWITH_EC
+endif
 
 INSTALL?=install
 prefix=/usr/local
diff --git a/src/net.c b/src/net.c
index 8a49f200..e2858149 100644
--- a/src/net.c
+++ b/src/net.c
@@ -256,9 +256,11 @@ static int _mosquitto_tls_server_ctx(struct _mqtt3_listener *listener)
 int ssl_options = 0;
 char buf[256];
 int rc;
+#ifdef WITH_EC
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L
 EC_KEY *ecdh = NULL;
 #endif
+#endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
 if(listener->tls_version == NULL){
@@ -295,6 +297,7 @@ static int _mosquitto_tls_server_ctx(struct _mqtt3_listener *listener)
 SSL_CTX_set_mode(listener->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
 #endif
 
+#ifdef WITH_EC
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
 SSL_CTX_set_ecdh_auto(listener->ssl_ctx, 1);
 #elif OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L
@@ -305,6 +308,7 @@ static int _mosquitto_tls_server_ctx(struct _mqtt3_listener *listener)
 }
 SSL_CTX_set_tmp_ecdh(listener->ssl_ctx, ecdh);
 EC_KEY_free(ecdh);
+#endif
 #endif
 
 snprintf(buf, 256, "mosquitto-%d", listener->port);
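Review bot: The comment on the new `WITH_EC` option in config.mk, "Use elliptic keys in broker", does not say what the switch controls. In src/net.c it gates the ECDH setup for TLS listeners (`SSL_CTX_set_ecdh_auto` / `SSL_CTX_set_tmp_ecdh`), not the key type of the certificate. Setting it to `no` compiles that setup out, which on the OpenSSL versions those calls target would presumably leave ECDHE key exchange unavailable. I would reword it to something like `# Build the broker with ECDH key exchange set up on TLS listeners. Disabling this may make ECDHE cipher suites unavailable.`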
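Review bot: The first src/net.c hunk wraps the existing version check around `EC_KEY *ecdh = NULL;` in a second `#ifdef WITH_EC`, which leaves two bare `#endif` lines in a row, and the last hunk does the same with its `+#endif` after `EC_KEY_free(ecdh);`. Labelling the closers, e.g. `#endif /* WITH_EC */`, would make it easier to see that the declaration and its use sit under the same condition. The declaration guard could also be folded into one line, `#if defined(WITH_EC) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L`. `_mosquitto_tls_server_ctx` starts and ends outside these hunks.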
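Review bot: In the third src/net.c hunk, the `#ifdef WITH_EC` added before `SSL_CTX_set_ecdh_auto(listener->ssl_ctx, 1);` makes the listener's ECDH setup opt-in at compile time. Only config.mk is changed to pass `-DWITH_EC`, so any build that does not go through it would compile the setup out, and nothing in the visible code logs or reports that. On the OpenSSL versions where these calls are what enables ECDHE, a cipher list naming ECDHE suites would then presumably fall back to other key exchanges without notice. Consider a comment at the guard such as `/* Without WITH_EC no ECDH parameters are set on the listener context; ECDHE suites may not be negotiable. */`, and confirm that every other build path defines the macro. `_mosquitto_tls_server_ctx` starts and ends outside the hunk.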