nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 06:13:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'maint-0.3.4' into release-0.3.4

Browse Source
This commit is contained in:
Nick Mathewson 2018-09-07 09:15:56 -04:00
commit 0330652346
3 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/bug27344 Normal file
View File

@ -0,0 +1,4 @@
o Minor features (compatibility):
- Tell OpenSSL to maintain backward compatibility with previous
RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these ciphers
are disabled by default. Closes ticket 27344.

1
configure.ac
View File

@ -941,6 +941,7 @@ AC_CHECK_FUNCS([ \
SSL_get_client_ciphers \ SSL_get_client_ciphers \
SSL_get_client_random \ SSL_get_client_random \
SSL_CIPHER_find \ SSL_CIPHER_find \
SSL_CTX_set_security_level \
TLS_method TLS_method
]) ])

7
src/common/tortls.c
View File

@ -1193,6 +1193,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
if (!(result->ctx = SSL_CTX_new(SSLv23_method()))) if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
goto error; goto error;
#endif /* defined(HAVE_TLS_METHOD) */ #endif /* defined(HAVE_TLS_METHOD) */
#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
/* Level 1 re-enables RSA1024 and DH1024 for compatibility with old tors */
SSL_CTX_set_security_level(result->ctx, 1);
#endif
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3); SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
@ -2662,4 +2668,3 @@ evaluate_ecgroup_for_tls(const char *ecgroup)
return ret; return ret;
} }