mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 18:22:09 +01:00
Merge remote-tracking branch 'public/ticket11528_024' into maint-0.2.4
This commit is contained in:
commit
0ad8133a7e
6
changes/ticket11528
Normal file
6
changes/ticket11528
Normal file
@ -0,0 +1,6 @@
|
||||
o Minor features:
|
||||
- Servers now trust themselves to have a better view than clients of
|
||||
which TLS ciphersuites to choose. (Thanks to #11513, the server
|
||||
list is now well-considered, whereas the client list has been
|
||||
chosen mainly for anti-fingerprinting purposes.) Resolves ticket
|
||||
11528.
|
@ -1277,6 +1277,10 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
||||
goto error;
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
|
||||
|
||||
/* Prefer the server's ordering of ciphers: the client's ordering has
|
||||
* historically been chosen for fingerprinting resistance. */
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
|
||||
/* Disable TLS1.1 and TLS1.2 if they exist. We need to do this to
|
||||
* workaround a bug present in all OpenSSL 1.0.1 versions (as of 1
|
||||
* June 2012), wherein renegotiating while using one of these TLS
|
||||
|
Loading…
Reference in New Issue
Block a user