Merge remote-tracking branch 'origin/maint-0.2.4'

changes/bug9780

@@ -0,0 +1,8 @@
+  o Minor bugfixes (performance, fingerprinting):
+    - Our default TLS ecdhe groups were backwards: we meant to be using
+      P224 for relays (for performance win) and P256 for bridges (since
+      it is more common in the wild). Instead we had it backwards. After
+      reconsideration, we decided that the default should be P256 on all
+      hosts, since its security is probably better, and since P224 is
+      reportedly used quite little in the wild.  Found by "skruffy" on
+      IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.

doc/tor.1.txt

@@ -1671,7 +1671,7 @@ is non-zero):
     What EC group should we try to use for incoming TLS connections?
     P224 is faster, but makes us stand out more. Has no effect if
     we're a client, or if our OpenSSL version lacks support for ECDHE.
-    (Default: P224 for public servers; P256 for bridges.)
+    (Default: P256)
 
 [[CellStatistics]] **CellStatistics** **0**|**1**::
     When this option is enabled, Tor writes statistics on the mean time that

src/common/tortls.c

@@ -1344,10 +1344,8 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
       nid = NID_secp224r1;
     else if (flags & TOR_TLS_CTX_USE_ECDHE_P256)
       nid = NID_X9_62_prime256v1;
-    else if (flags & TOR_TLS_CTX_IS_PUBLIC_SERVER)
-      nid = NID_X9_62_prime256v1;
     else
-      nid = NID_secp224r1;
+      nid = NID_X9_62_prime256v1;
     /* Use P-256 for ECDHE. */
     ec_key = EC_KEY_new_by_curve_name(nid);
     if (ec_key != NULL) /*XXXX Handle errors? */