aboutsummaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2018-09-07 09:15:56 -0400
committerNick Mathewson <nickm@torproject.org>2018-09-07 09:15:56 -0400
commit732ea9120c9db5d6368cba6f2b789aa4fca5db31 (patch)
treed5cb1833e559465f291157740a561502e8b2b1c2 /src/common
parent056003d602a2e6f5c2f417d176b68da50b921c32 (diff)
parent0366ae224cb3b9cd55905201cd1b55a03f2736e9 (diff)
downloadtor-732ea9120c9db5d6368cba6f2b789aa4fca5db31.tar.gz
tor-732ea9120c9db5d6368cba6f2b789aa4fca5db31.zip
Merge branch 'maint-0.3.2' into maint-0.3.3
Diffstat (limited to 'src/common')
-rw-r--r--src/common/tortls.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 388c97e3a3..7e2a134dc3 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1172,6 +1172,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
goto error;
#endif /* defined(HAVE_TLS_METHOD) */
+
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
+ /* Level 1 re-enables RSA1024 and DH1024 for compatibility with old tors */
+ SSL_CTX_set_security_level(result->ctx, 1);
+#endif
+
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
@@ -2641,4 +2647,3 @@ evaluate_ecgroup_for_tls(const char *ecgroup)
return ret;
}
-