diff options
| author | Robert Ransom <rransom.8774@gmail.com> | 2012-01-04 20:41:28 -0800 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-01-05 12:28:56 -0500 |
| commit | 4752b348793f599cbdc93d0503d18def03e45c7a (patch) | |
| tree | 09bd5f25a249ed6c9dd4adc855a0b80fa901ab70 | |
| parent | 0a00678e56ec3030b9028a7188f68ab6c10a3fa3 (diff) | |
| download | tor-4752b348793f599cbdc93d0503d18def03e45c7a.tar.gz tor-4752b348793f599cbdc93d0503d18def03e45c7a.zip | |
Log at info level when disabling SSLv3
| -rw-r--r-- | src/common/tortls.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 22b0e31726..d88a59b9c7 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -771,6 +771,12 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime, (SSLeay() >= 0x00909000L && SSLeay() < 0x1000006fL)) { /* And not SSL3 if it's subject to CVE-2011-4657. */ + log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version " + "might otherwise be vulnerable to CVE-2011-4657 " + "(compile-time version %08lx (%s); " + "runtime version %08lx (%s))", + OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, + SSLeay(), SSLeay_version(SSLEAY_VERSION)); SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3); } |