diff options
author | Nick Mathewson <nickm@torproject.org> | 2013-09-19 10:40:41 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2013-10-08 16:32:07 -0400 |
commit | 72c1e5acfe1c6f04f4d7d398fc4a964d4bc5b62e (patch) | |
tree | 1ce001a115af1a80b1cf6d8103a2e6bcc7ba73c4 /src/common | |
parent | fa1034cd999f19a50e6183dac6c65b3acaefe856 (diff) | |
download | tor-72c1e5acfe1c6f04f4d7d398fc4a964d4bc5b62e.tar.gz tor-72c1e5acfe1c6f04f4d7d398fc4a964d4bc5b62e.zip |
Switch ECDHE group default logic for bridge/relay TLS
According to the manpage, bridges use P256 for conformity and relays
use P224 for speed. But skruffy points out that we've gotten it
backwards in the code.
In this patch, we make the default P256 for everybody.
Fixes bug 9780; bugfix on 0.2.4.8-alpha.
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/tortls.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index b7e5bc1a5f..72f6c405c0 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1369,10 +1369,8 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, nid = NID_secp224r1; else if (flags & TOR_TLS_CTX_USE_ECDHE_P256) nid = NID_X9_62_prime256v1; - else if (flags & TOR_TLS_CTX_IS_PUBLIC_SERVER) - nid = NID_X9_62_prime256v1; else - nid = NID_secp224r1; + nid = NID_X9_62_prime256v1; /* Use P-256 for ECDHE. */ ec_key = EC_KEY_new_by_curve_name(nid); if (ec_key != NULL) /*XXXX Handle errors? */ |