diff options
| author | pseudonymisaTor <1397-pseudonymisaTor@gitlab.torproject.org> | 2022-01-23 09:24:28 +0000 |
|---|---|---|
| committer | pseudonymisaTor <1397-pseudonymisaTor@gitlab.torproject.org> | 2022-01-23 09:24:28 +0000 |
| commit | f1387b398c130eac740b759db5101d8c469114d5 (patch) | |
| tree | 6d4335c80bbbb5d5ee53bf6d6b033386ff89af87 /src/lib/tls | |
| parent | 7a3d60d4712f9e8c5f2d39dce93ee31caf1d0a21 (diff) | |
| download | tor-f1387b398c130eac740b759db5101d8c469114d5.tar.gz tor-f1387b398c130eac740b759db5101d8c469114d5.zip | |
conn: add ClientHello Padding TLS extension
Diffstat (limited to 'src/lib/tls')
| -rw-r--r-- | src/lib/tls/tortls_openssl.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c index d59d65d995..77de2d6a11 100644 --- a/src/lib/tls/tortls_openssl.c +++ b/src/lib/tls/tortls_openssl.c @@ -701,6 +701,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, /* let us realloc bufs that we're writing from */ SSL_CTX_set_mode(result->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); +#ifdef SSL_OP_TLSEXT_PADDING + /* Adds a padding extension to ensure the ClientHello size is never between + * 256 and 511 bytes in length. */ + SSL_CTX_set_options(result->ctx, SSL_OP_TLSEXT_PADDING); +#endif + return result; error: |