diff options
| author | Nick Mathewson <nickm@torproject.org> | 2013-10-31 13:14:39 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-10-31 13:14:39 -0400 |
| commit | 0e8ee795d901c1a5ac84e53bbea417fddace46bf (patch) | |
| tree | 34d29b1e11cac1063dd17b1477a1c181ab9b0f12 | |
| parent | 8f9fb63cdb188e27e39cf063c6a9e94df66cf239 (diff) | |
| parent | ad763a336cb3655151383172bcfa658870ad8950 (diff) | |
| download | tor-0e8ee795d901c1a5ac84e53bbea417fddace46bf.tar.gz tor-0e8ee795d901c1a5ac84e53bbea417fddace46bf.zip | |
Merge remote-tracking branch 'public/bug6055_v2_024' into maint-0.2.4
| -rw-r--r-- | changes/bug6055 | 6 | ||||
| -rw-r--r-- | src/common/tortls.c | 3 |
2 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug6055 b/changes/bug6055 new file mode 100644 index 0000000000..00730073a8 --- /dev/null +++ b/changes/bug6055 @@ -0,0 +1,6 @@ + o Major enhancements: + - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later. + (OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2. OpenSSL from 1.0.1 + through 1.0.1d had bugs that prevented renegotiation from working + with TLS 1.1 or 1.2, so we disabled them to solve bug 6033.) Fix for + issue #6055. diff --git a/src/common/tortls.c b/src/common/tortls.c index b7e5bc1a5f..90ebb755f9 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1269,12 +1269,15 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, * version. Once some version of OpenSSL does TLS1.1 and TLS1.2 * renegotiation properly, we can turn them back on when built with * that version. */ +#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,1,'e') #ifdef SSL_OP_NO_TLSv1_2 SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_2); #endif #ifdef SSL_OP_NO_TLSv1_1 SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1); #endif +#endif + /* Disable TLS tickets if they're supported. We never want to use them; * using them can make our perfect forward secrecy a little worse, *and* * create an opportunity to fingerprint us (since it's unusual to use them |