|
|
@@ -771,6 +771,12 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
|
|
|
(SSLeay() >= 0x00909000L &&
|
|
|
SSLeay() < 0x1000006fL)) {
|
|
|
/* And not SSL3 if it's subject to CVE-2011-4657. */
|
|
|
+ log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version "
|
|
|
+ "might otherwise be vulnerable to CVE-2011-4657 "
|
|
|
+ "(compile-time version %08lx (%s); "
|
|
|
+ "runtime version %08lx (%s))",
|
|
|
+ OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
|
|
|
+ SSLeay(), SSLeay_version(SSLEAY_VERSION));
|
|
|
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
|
|
|
}
|
|
|
|
Robert Ransom