author | Nick Mathewson <nickm@torproject.org> | 2012-12-25 20:04:54 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-12-25 20:22:46 -0500 |
commit | 25afecdbf999eb91ed9216be1f8b8cdf0f78135b (patch) | |
tree | 73665d46e5858deac1c95c2473166c8c67e98dc7 /src/or/router.c | |
parent | c8b3bdb78215d4d7821d9bfa15bb8f7786403ce9 (diff) | |
Make ECDHE group configurable: 224 for public, 256 for bridges (default)
Diffstat (limited to 'src/or/router.c')
-rw-r--r-- | src/or/router.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/or/router.c b/src/or/router.c
index 5786103b94..c7380cb444 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -491,7 +491,18 @@ v3_authority_check_key_expiry(void)
 int
 router_initialize_tls_context(void)
 {
- return tor_tls_context_init(public_server_mode(get_options()),
+ unsigned int flags = 0;
+ const or_options_t *options = get_options();
+ if (public_server_mode(options))
+ flags |= TOR_TLS_CTX_IS_PUBLIC_SERVER;
+ if (options->TLSECGroup) {
+ if (!strcasecmp(options->TLSECGroup, "P256"))
+ flags |= TOR_TLS_CTX_USE_ECDHE_P256;
+ else if (!strcasecmp(options->TLSECGroup, "P224"))
+ flags |= TOR_TLS_CTX_USE_ECDHE_P224;
+ }
+
+ return tor_tls_context_init(flags,
 get_tlsclient_identity_key(),
 server_mode(get_options()) ?
 get_server_identity_key() : NULL, |
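Review bot: The `TLSECGroup` chain in router_initialize_tls_context() has no final `else`, so any value other than "P256" or "P224" sets neither ECDHE flag and the curve silently becomes whatever tor_tls_context_init() chooses by default. This diff is limited to router.c, so it is not visible whether option validation elsewhere already rejects other strings; if it does not, an operator typo would change the negotiated group with no log line. Consider ending the chain with `else log_warn(LD_CONFIG, "Unrecognized TLSECGroup %s; using default", escaped(options->TLSECGroup));`, or a comment naming where the value is validated. The unchanged context line `server_mode(get_options())` could also reuse the new local `options`. The function body continues past the end of the hunk.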