-rw-r--r--ChangeLog4
-rw-r--r--src/common/tortls.c3
2 files changed, 7 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 50261119c5..7351711a2c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -91,6 +91,10 @@ Changes in version 0.2.1.1-alpha - 2008-??-??
this new scheme when the server supports it.
- Add a new V3AuthUseLegacyKey option to make it easier for authorities
to change their identity keys if they have to.
+ - If the user has applied the experimental SSL_MODE_RELEASE_BUFFERS
+ patch to their OpenSSL, turn it on to save memory on servers. This
+ patch will (with any luck) get included in a mainline distribution
+ before too long.
o Minor features (security):
- Reject requests for reverse-dns lookup of names in a private
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 48a139394d..b931176973 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -564,6 +564,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
#endif
SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
if (cert && !SSL_CTX_use_certificate(result->ctx,cert))
goto error;
X509_free(cert); /* We just added a reference to cert. */
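Review bot: The new `#ifdef SSL_MODE_RELEASE_BUFFERS` block in tor_tls_context_new turns the mode on for every context whenever the build headers define the macro, with no comment, no log line and no way to switch it off at runtime. The ChangeLog entry calls the OpenSSL patch experimental, and the mode changes when the library frees and reallocates its per-connection read/write buffers. A memory-safety bug in that patched code would therefore reach every TLS connection Tor handles, and an operator could not tell from the logs that the mode was active. I would add a comment above the call such as `/* Experimental OpenSSL patch: release idle per-connection buffers to save memory; only present in patched builds. */`. I would also log once at info level when the mode is enabled, so crash reports can be correlated with it. The macro only shows what the headers offer, not what the linked library implements, so a header/library mismatch would go unnoticed here. The function body starts and ends outside this hunk.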