1 files changed, 6 insertions, 4 deletions

diff --git a/src/common/tortls.c b/src/common/tortls.c
index b4984802fb..df77fb066f 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -368,8 +368,8 @@ tor_tls_init(void)
      * OpenSSL 0.9.8l.
      *
      * No, we can't just set flag 0x0010 everywhere.  It breaks Tor with
-     * OpenSSL 1.0.0beta3 and later.  No, we can't just set option
-     * 0x00040000L everywhere: before 0.9.8m, it meant something else.
+     * OpenSSL 1.0.0beta3 and later.  On the other hand, we might be able to
+     * set option 0x00040000L everywhere.
      *
      * No, we can't simply detect whether the flag or the option is present
      * in the headers at build-time: some vendors (notably Apple) like to
@@ -393,10 +393,12 @@ tor_tls_init(void)
     } else if (version < 0x009080c0L) {
       log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
                  "0.9.8l, but some vendors have backported 0.9.8l's "
-                 "renegotiation code to earlier versions.  I'll set "
-                 "SSL3_FLAGS just to be safe.",
+                 "renegotiation code to earlier versions, and some have "
+                 "backported the code from 0.9.8m or 0.9.8n.  I'll set both "
+                 "SSL3_FLAGS and SSL_OP just to be safe.",
                  SSLeay_version(SSLEAY_VERSION), version);
       use_unsafe_renegotiation_flag = 1;
+      use_unsafe_renegotiation_op = 1;
     } else {
       log_info(LD_GENERAL, "OpenSSL %s has version %lx",
                SSLeay_version(SSLEAY_VERSION), version);