aboutsummaryrefslogtreecommitdiff
path: root/src/lib/tls
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2018-09-07 09:15:56 -0400
committerNick Mathewson <nickm@torproject.org>2018-09-07 09:15:56 -0400
commitee6d8bcf71b0cf9eb7acc2987a59c78ffc172303 (patch)
tree049720dc6df4aaaf9d6e36480bb0f23655d55c0f /src/lib/tls
parent291876be36d70e892d8fb5e50509379e69485a02 (diff)
parent8849b2ca3c3943e7d2f109b8e56179be82092a6e (diff)
downloadtor-ee6d8bcf71b0cf9eb7acc2987a59c78ffc172303.tar.gz
tor-ee6d8bcf71b0cf9eb7acc2987a59c78ffc172303.zip
Merge branch 'maint-0.3.4'
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/tortls_openssl.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index 2a022b8531..dc6c0bee9c 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -548,6 +548,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
goto error;
#endif /* defined(HAVE_TLS_METHOD) */
+
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
+ /* Level 1 re-enables RSA1024 and DH1024 for compatibility with old tors */
+ SSL_CTX_set_security_level(result->ctx, 1);
+#endif
+
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);