Commit 1e46a391 authored by Nick Mathewson's avatar Nick Mathewson 🤹
Browse files

Merge branch 'ticket27344_029' into maint-0.2.9

parents 9fcb3ef7 2ec88a2a

changes/bug27344

0 → 100644
+4 −0
Original line number Diff line number Diff line 
  o Minor features (compatibility):

    - Tell OpenSSL to maintain backward compatibility with previous

      RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these ciphers

      are disabled by default. Closes ticket 27344.

configure.ac

+1 −0
Original line number Diff line number Diff line
@@ -678,6 +678,7 @@ AC_CHECK_FUNCS([ \ 
                SSL_get_client_ciphers \

                SSL_get_client_random \

		SSL_CIPHER_find \

                SSL_CTX_set_security_level \

		TLS_method

	       ])

src/common/tortls.c

+5 −1
Original line number Diff line number Diff line
@@ -1130,6 +1130,11 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, 
  if (!(result->ctx = SSL_CTX_new(SSLv23_method())))

    goto error;

#endif

#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL

  /* Level 1 re-enables RSA1024 and DH1024 for compatibility with old tors */

  SSL_CTX_set_security_level(result->ctx, 1);

#endif



  SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);

  SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
@@ -2555,4 +2560,3 @@ evaluate_ecgroup_for_tls(const char *ecgroup) 


  return ret;

}