From be68c1fb43a34c61c7a589faec1b3cbaf4ced07f Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 12 Sep 2012 19:31:24 -0400 Subject: Log a notice if we're running with OpenSSL before 1.0.0. These versions have some dubious, slow crypto implementations; 1.0.0 is a great improvement, and at this point is pretty mature. --- src/common/crypto.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src') diff --git a/src/common/crypto.c b/src/common/crypto.c index 6c6bf14893..979ff3cfa6 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -243,6 +243,11 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) SSLeay(), SSLeay_version(SSLEAY_VERSION)); } + if (SSLeay() < OPENSSL_V_SERIES(1,0,0)) { + log_notice(LD_CRYPTO, "Your OpenSSL version seems to be %s. We " + "recommend 1.0.0 or later.", crypto_openssl_get_version_str()); + } + if (useAccel > 0) { #ifdef DISABLE_ENGINES (void)accelName; -- cgit v1.2.3-54-g00ecf