Re-enable TLS 1.[12] when building with OpenSSL >= 1.0.1e

To fix #6033, we disabled TLS 1.1 and 1.2.  Eventually, OpenSSL fixed
the bug behind #6033.

I've considered alternate implementations that do more testing to see
if there's secretly an OpenSSL 1.0.1c or something that secretly has a
backport of the OpenSSL 1.0.1e fix, and decided against it on the
grounds of complexity.

2 files changed, 9 insertions, 0 deletions

diff --git a/changes/bug6055 b/changes/bug6055
new file mode 100644
index 0000000000..00730073a8
--- /dev/null
+++ b/changes/bug6055
@@ -0,0 +1,6 @@
+  o Major enhancements:
+    - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
+      (OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2. OpenSSL from 1.0.1
+      through 1.0.1d had bugs that prevented renegotiation from working
+      with TLS 1.1 or 1.2, so we disabled them to solve bug 6033.) Fix for
+      issue #6055.
diff --git a/src/common/tortls.c b/src/common/tortls.c
index b7e5bc1a5f..90ebb755f9 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1269,12 +1269,15 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
    * version.  Once some version of OpenSSL does TLS1.1 and TLS1.2
    * renegotiation properly, we can turn them back on when built with
    * that version. */
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,1,'e')
 #ifdef SSL_OP_NO_TLSv1_2
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_2);
 #endif
 #ifdef SSL_OP_NO_TLSv1_1
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
 #endif
+#endif
+
   /* Disable TLS tickets if they're supported.  We never want to use them;
    * using them can make our perfect forward secrecy a little worse, *and*
    * create an opportunity to fingerprint us (since it's unusual to use them