Merge remote-tracking branch 'public/bug6055_v2_024'

This commit is contained in:
Nick Mathewson 2013-09-25 14:35:18 -04:00
commit 090bff2dca
2 changed files with 9 additions and 0 deletions

6
changes/bug6055 Normal file
View File

@ -0,0 +1,6 @@
o Major enhancements:
- Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
(OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2. OpenSSL from 1.0.1
through 1.0.1d had bugs that prevented renegotiation from working
with TLS 1.1 or 1.2, so we disabled them to solve bug 6033.) Fix for
issue #6055.

View File

@ -1241,12 +1241,15 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
* version. Once some version of OpenSSL does TLS1.1 and TLS1.2
* renegotiation properly, we can turn them back on when built with
* that version. */
#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,1,'e')
#ifdef SSL_OP_NO_TLSv1_2
SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_2);
#endif
#ifdef SSL_OP_NO_TLSv1_1
SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
#endif
#endif
/* Disable TLS tickets if they're supported. We never want to use them;
* using them can make our perfect forward secrecy a little worse, *and*
* create an opportunity to fingerprint us (since it's unusual to use them