Commit b51a33e5 authored by Nick Mathewson's avatar Nick Mathewson 🎨
Browse files

Merge commit 'origin/maint-0.2.1'

parents 0faf5c5f 3a2d677f
......@@ -588,6 +588,18 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
SSL_CTX_set_options(result->ctx,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
/* Yes, we know what we are doing here. No, we do not treat a renegotiation
* as authenticating any earlier-received data.
*
* (OpenSSL 0.9.8l introdeced SSL3_FLAGS_ALLOW_UNSAGE_LEGACY_RENEGOTIATION
* here. OpenSSL 0.9.8m thoughtfully turned it into an option and (it
* seems) broke anything that used SSL3_FLAGS_* for the purpose. So we need
* to do both.)
*/
SSL_CTX_set_options(result->ctx,
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
#endif
/* Don't actually allow compression; it uses ram and time, but the data
* we transmit is all encrypted anyway. */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment