diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-01-24 16:03:14 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-02-10 15:55:06 -0500 |
| commit | 50c259d763c7471588b4e1f242695d2652e4284b (patch) | |
| tree | 95018c9f25fde4fbf49338ecfb6af098b8558ecb /src/common/tortls.c | |
| parent | 5fc6967956610111d8cf24792ddf000bd83b4b86 (diff) | |
| download | tor-50c259d763c7471588b4e1f242695d2652e4284b.tar.gz tor-50c259d763c7471588b4e1f242695d2652e4284b.zip | |
Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
(Backport from 0.2.2's 5ed73e3807d90dd0a3)
Diffstat (limited to 'src/common/tortls.c')
| -rw-r--r-- | src/common/tortls.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 1d597e2952..7735618ea2 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -684,7 +684,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) if (!SSL_CTX_check_private_key(result->ctx)) goto error; { - crypto_dh_env_t *dh = crypto_dh_new(); + crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS); SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh)); crypto_dh_free(dh); } |