Skip to content
Snippets Groups Projects
Commit 090bff2d authored by Nick Mathewson's avatar Nick Mathewson :family:
Browse files

Merge remote-tracking branch 'public/bug6055_v2_024'

parents 759de9f7 ad763a33
No related branches found
No related tags found
No related merge requests found
o Major enhancements:
- Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
(OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2. OpenSSL from 1.0.1
through 1.0.1d had bugs that prevented renegotiation from working
with TLS 1.1 or 1.2, so we disabled them to solve bug 6033.) Fix for
issue #6055.
......@@ -1241,12 +1241,15 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
* version. Once some version of OpenSSL does TLS1.1 and TLS1.2
* renegotiation properly, we can turn them back on when built with
* that version. */
#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,1,'e')
#ifdef SSL_OP_NO_TLSv1_2
SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_2);
#endif
#ifdef SSL_OP_NO_TLSv1_1
SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
#endif
#endif
/* Disable TLS tickets if they're supported. We never want to use them;
* using them can make our perfect forward secrecy a little worse, *and*
* create an opportunity to fingerprint us (since it's unusual to use them
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment