mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
Merge branch 'maint-0.3.3' into maint-0.3.4
This commit is contained in:
commit
8849b2ca3c
4
changes/bug27344
Normal file
4
changes/bug27344
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
o Minor features (compatibility):
|
||||||
|
- Tell OpenSSL to maintain backward compatibility with previous
|
||||||
|
RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these ciphers
|
||||||
|
are disabled by default. Closes ticket 27344.
|
@ -941,6 +941,7 @@ AC_CHECK_FUNCS([ \
|
|||||||
SSL_get_client_ciphers \
|
SSL_get_client_ciphers \
|
||||||
SSL_get_client_random \
|
SSL_get_client_random \
|
||||||
SSL_CIPHER_find \
|
SSL_CIPHER_find \
|
||||||
|
SSL_CTX_set_security_level \
|
||||||
TLS_method
|
TLS_method
|
||||||
])
|
])
|
||||||
|
|
||||||
|
@ -1193,6 +1193,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
|||||||
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
|
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
|
||||||
goto error;
|
goto error;
|
||||||
#endif /* defined(HAVE_TLS_METHOD) */
|
#endif /* defined(HAVE_TLS_METHOD) */
|
||||||
|
|
||||||
|
#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
|
||||||
|
/* Level 1 re-enables RSA1024 and DH1024 for compatibility with old tors */
|
||||||
|
SSL_CTX_set_security_level(result->ctx, 1);
|
||||||
|
#endif
|
||||||
|
|
||||||
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
|
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
|
||||||
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
|
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
|
||||||
|
|
||||||
@ -2662,4 +2668,3 @@ evaluate_ecgroup_for_tls(const char *ecgroup)
|
|||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user