diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-09-07 09:15:56 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-09-07 09:15:56 -0400 |
| commit | f869cd012352310bcae232920d5e1941063e600b (patch) | |
| tree | f641884605056add1e9ba8886d0d5df8e4d5bdbd /src | |
| parent | c8a46cda5b7e254be67b4d117dfc6585de2cbfd7 (diff) | |
| parent | 0366ae224cb3b9cd55905201cd1b55a03f2736e9 (diff) | |
| download | tor-f869cd012352310bcae232920d5e1941063e600b.tar.gz tor-f869cd012352310bcae232920d5e1941063e600b.zip | |
Merge branch 'maint-0.3.2' into release-0.3.2
Diffstat (limited to 'src')
| -rw-r--r-- | src/common/tortls.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 03c0be1cd0..6efc8c3e4b 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1172,6 +1172,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, if (!(result->ctx = SSL_CTX_new(SSLv23_method()))) goto error; #endif /* defined(HAVE_TLS_METHOD) */ + +#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL + /* Level 1 re-enables RSA1024 and DH1024 for compatibility with old tors */ + SSL_CTX_set_security_level(result->ctx, 1); +#endif + SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3); @@ -2641,4 +2647,3 @@ evaluate_ecgroup_for_tls(const char *ecgroup) return ret; } - |