Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge branch 'maint-0.3.3' into maint-0.3.4

Nick Mathewson 7 years ago
parent
967cef2f8f 732ea9120c
commit
8849b2ca3c
3 changed files with 11 additions and 1 deletions
Split View Show Diff Stats
  1. 4 0
      changes/bug27344
  2. 1 0
      configure.ac
  3. 6 1
      src/common/tortls.c

+ 4 - 0
changes/bug27344
View File 

@@ -0,0 +1,4 @@
 
+  o Minor features (compatibility):
 
+    - Tell OpenSSL to maintain backward compatibility with previous
 
+      RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these ciphers
 
+      are disabled by default. Closes ticket 27344.

+ 1 - 0
configure.ac
View File 

@@ -941,6 +941,7 @@ AC_CHECK_FUNCS([ \
 
                 SSL_get_client_ciphers \
 
                 SSL_get_client_random \
 
 		SSL_CIPHER_find \
 
+                SSL_CTX_set_security_level \
 
 		TLS_method
 
 	       ])

+ 6 - 1
src/common/tortls.c
View File 

@@ -1193,6 +1193,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 
   if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
 
     goto error;
 
 #endif /* defined(HAVE_TLS_METHOD) */
 
+
 
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
 
+  /* Level 1 re-enables RSA1024 and DH1024 for compatibility with old tors */
 
+  SSL_CTX_set_security_level(result->ctx, 1);
 
+#endif
 
+
 
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
 
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
 
 
@@ -2662,4 +2668,3 @@ evaluate_ecgroup_for_tls(const char *ecgroup)
 
 
   return ret;
 
 }
 
-