author | Nick Mathewson <nickm@torproject.org> | 2012-10-24 22:07:10 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-10-24 22:07:10 -0400 |
commit | 4a7962e439312b5002e05e0c720245e8359ad808 (patch) | |
tree | 36390caa23f4e83530bf5ed676eaf1a15fc8de7a /src/common | |
parent | 4a9bc5658f4d7fa786aa2a154bba00f4e3f0bc45 (diff) | |
parent | 62a49c0cc85037d3e79468961ff625ec5e8aad65 (diff) | |
Merge remote-tracking branch 'public/bug7189_tentative'
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/tortls.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 2ff18355d1..3bb0581463 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1193,10 +1193,13 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 /* Disable TLS tickets if they're supported. We never want to use them;
 * using them can make our perfect forward secrecy a little worse, *and*
 * create an opportunity to fingerprint us (since it's unusual to use them
- * with TLS sessions turned off).
+ * with TLS sessions turned off). Clients need to advertise support for
+ * them, though to avoid a TLS distinguishability vector.
 */
 #ifdef SSL_OP_NO_TICKET
- SSL_CTX_set_options(result->ctx, SSL_OP_NO_TICKET);
+ if (! is_client) {
+ SSL_CTX_set_options(result->ctx, SSL_OP_NO_TICKET);
+ }
 #endif
 if ( |
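Review bot: The comment above the `#ifdef SSL_OP_NO_TICKET` block still opens with "We never want to use them", which no longer matches the code now that client contexts skip `SSL_OP_NO_TICKET`, and it does not say what stops a client from resuming with a ticket a server sends it. That guarantee is not visible in this hunk (presumably session caching is disabled elsewhere in tor_tls_context_new, whose signature with `is_client` and remaining body lie outside the hunk), so the forward-secrecy claim for clients cannot be checked from here and should be stated where the exception is made. I would reword the added sentence along the lines of `Clients still advertise the extension so their ClientHello is not distinguishable, but must never resume a session from a ticket.` and name the setting that enforces it. Two small wording and style points: "them, though to avoid" needs a comma after "though", and `if (! is_client)` is more conventionally written `if (!is_client)`.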