Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge remote-tracking branch 'public/bug6055_v2_024' into maint-0.2.4

Nick Mathewson 12 years ago
parent
8f9fb63cdb ad763a336c
commit
0e8ee795d9
2 changed files with 9 additions and 0 deletions
Split View Show Diff Stats
  1. 6 0
      changes/bug6055
  2. 3 0
      src/common/tortls.c

+ 6 - 0
changes/bug6055
View File 

@@ -0,0 +1,6 @@
 
+  o Major enhancements:
 
+    - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
 
+      (OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2. OpenSSL from 1.0.1
 
+      through 1.0.1d had bugs that prevented renegotiation from working
 
+      with TLS 1.1 or 1.2, so we disabled them to solve bug 6033.) Fix for
 
+      issue #6055.

+ 3 - 0
src/common/tortls.c
View File 

@@ -1269,12 +1269,15 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 
    * version.  Once some version of OpenSSL does TLS1.1 and TLS1.2
 
    * renegotiation properly, we can turn them back on when built with
 
    * that version. */
 
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,1,'e')
 
 #ifdef SSL_OP_NO_TLSv1_2
 
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_2);
 
 #endif
 
 #ifdef SSL_OP_NO_TLSv1_1
 
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
 
 #endif
 
+#endif
 
+
 
   /* Disable TLS tickets if they're supported.  We never want to use them;
 
    * using them can make our perfect forward secrecy a little worse, *and*
 
    * create an opportunity to fingerprint us (since it's unusual to use them