r16882@tombo: nickm | 2008-07-10 14:31:25 -0400

Fix for session-related bug found by Geoff Goodell. Backport candidate, once tested.


svn:r15821
This commit is contained in:
Nick Mathewson 2008-07-10 18:31:33 +00:00
parent c717e19a29
commit cb7cc9e12d
2 changed files with 10 additions and 0 deletions

@ -56,6 +56,11 @@ Changes in version 0.2.0.29-rc - 2008-07-08
- Correctly detect transparent proxy support on Linux hosts that
require in.h to be included before netfilter_ipv4.h. Patch
from coderman.
- Disallow session resumption attempts during the renegotiation
stage of the v2 handshake protocol. Clients should never be
trying session resumption at this point, but apparently some
did, in ways that caused the handshake to fail. Bugfix on
0.2.0.20-rc. Bug found by Geoff Goodell.
Changes in version 0.2.1.2-alpha - 2008-06-20
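Review bot: the new entry describes the resumption block as unconditional, but the code change in this commit is wrapped in #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, so a Tor built against an OpenSSL that lacks that option keeps the old behaviour; the ChangeLog line should say so (e.g. "when OpenSSL supports it") or name the minimum OpenSSL version, so that operators reading the 0.2.0.29-rc notes do not assume the fix is in effect. Also worth checking: the entry is added under a section already dated 2008-07-08, two days before this commit; if that release had already shipped, the entry belongs in a new, undated section above it.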

@ -564,6 +564,11 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
#endif
SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
SSL_CTX_set_options(result->ctx,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
/* Don't actually allow compression; it uses ram and time, but the data
* we transmit is all encrypted anyway. */
if (result->ctx->comp_methods)
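Review bot: the guard around the new SSL_CTX_set_options call means that on an OpenSSL without SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION the fix is compiled out silently and session resumption during the v2 handshake's renegotiation stage stays possible; consider emitting a compile-time warning in an #else branch, or a log_warn at context creation, so a build without the protection is visible rather than indistinguishable from a patched one. The placement itself is fine: SSL_CTX_set_options ORs into the existing option mask, so adding it after the SSL_OP_NO_SSLv2 and SSL_OP_SINGLE_DH_USE calls does not clobber them.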