mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-23 20:03:31 +01:00
r16882@tombo: nickm | 2008-07-10 14:31:25 -0400
Fix for session-related bug found by Geoff Goodell. backport candidate, once tested. svn:r15821
parent
c717e19a29
commit
cb7cc9e12d
@ -56,6 +56,11 @@ Changes in version 0.2.0.29-rc - 2008-07-08
|
||||
- Correctly detect transparent proxy support on Linux hosts that
|
||||
require in.h to be included before netfilter_ipv4.h. Patch
|
||||
from coderman.
|
||||
- Disallow session resumption attempts during the renegotiation
|
||||
stage of the v2 handshake protocol. Clients should never be
|
||||
trying session resumption at this point, but apparently some
|
||||
did, in ways that caused the handshake to fail. Bugfix on
|
||||
0.2.0.20-rc. Bug found by Geoff Goodell.
|
||||
|
||||
|
||||
Changes in version 0.2.1.2-alpha - 2008-06-20
|
||||
|
@ -564,6 +564,11 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
|
||||
#endif
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
|
||||
|
||||
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
|
||||
SSL_CTX_set_options(result->ctx,
|
||||
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
|
||||
#endif
|
||||
/* Don't actually allow compression; it uses ram and time, but the data
|
||||
* we transmit is all encrypted anyway. */
|
||||
if (result->ctx->comp_methods)
|
||||
|
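Review bot: The `#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION` guard has no `#else`, so a build against OpenSSL headers that lack the option compiles cleanly and silently keeps the resumption-during-renegotiation behaviour that the ChangeLog entry says is now disallowed. The new block also carries no comment, unlike the compression block right after it, so a reader cannot tell that it is a v2-handshake fix rather than general hardening. I would add a comment above the `#ifdef`, such as `/* Renegotiation in the v2 handshake must be a full handshake, never a resumed session; OpenSSL headers without this option leave the fix unapplied. */`. If this is backported, it is also worth deciding whether the missing-option case should be reported at build or start-up time rather than skipped quietly. The body of tor_tls_context_new starts and ends outside this hunk, so whether the options are set or overridden elsewhere cannot be checked from here.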