diff options
| -rw-r--r-- | src/or/config.c | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/src/or/config.c b/src/or/config.c index d403decb18..a846ca9079 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1363,22 +1363,26 @@ options_act(const or_options_t *old_options) } /* If needed, generate a new TLS DH prime according to the current torrc. */ - if (!old_options) { - if (options->DynamicDHGroups) { - char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus"); - crypto_set_tls_dh_prime(fname); - tor_free(fname); + if (server_mode(options) && options->BridgeRelay) { + if (!old_options) { + if (options->DynamicDHGroups) { + char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus"); + crypto_set_tls_dh_prime(fname); + tor_free(fname); + } else { + crypto_set_tls_dh_prime(NULL); + } } else { - crypto_set_tls_dh_prime(NULL); - } - } else { - if (options->DynamicDHGroups && !old_options->DynamicDHGroups) { - char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus"); - crypto_set_tls_dh_prime(fname); - tor_free(fname); - } else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) { - crypto_set_tls_dh_prime(NULL); + if (options->DynamicDHGroups && !old_options->DynamicDHGroups) { + char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus"); + crypto_set_tls_dh_prime(fname); + tor_free(fname); + } else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) { + crypto_set_tls_dh_prime(NULL); + } } + } else { /* clients don't need a dynamic DH prime. */ + crypto_set_tls_dh_prime(NULL); } /* We want to reinit keys as needed before we do much of anything else: |