Re: [tor-bugs] #6033 [Tor Bridge]: 0.2.2.35 can't connect to 0.2.3.15-alpha bridges
#6033: 0.2.2.35 can't connect to 0.2.3.15-alpha bridges
------------------------+---------------------------------------------------
Reporter: murble | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Bridge | Version: Tor: 0.2.3.15-alpha
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by murble):
No, 0.2.3.14-alpha doesn't work either.
It seems to be an OpenSSL 1.0.1 supporting newer TLS problem. The TBB I've tested
with are linked with OpenSSL 1.0.1c. During the renegotiation
the client claims to support v1.2 and dies with the above message
when we try and speak TLSv1.2.
As a quick workaround I set SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_1
on the 0.2.3.15 bridge.
E.g.:
{{{
diff --git a/src/common/tortls.c b/src/common/tortls.c
index cffba2e..bf29ae2 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1174,6 +1174,9 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned
int ke
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
goto error;
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
+ /* Disable TLSv1.x handshakes so we work with 0.2.2.x clients */
+ SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_2);
+ SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
if (
#ifdef DISABLE_SSL3_HANDSHAKE
}}}
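Review bot: The two added SSL_CTX_set_options() calls right after the SSL_OP_NO_SSLv2 line use SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_1 unconditionally, but those macros are only defined by OpenSSL 1.0.1 and later, so the file will not compile against older OpenSSL headers. Guard each call with `#ifdef SSL_OP_NO_TLSv1_2` and `#ifdef SSL_OP_NO_TLSv1_1`, in the same way the `#ifdef DISABLE_SSL3_HANDSHAKE` block just below is guarded. The new comment says "TLSv1.x", yet TLS 1.0 stays enabled; it should name TLSv1.1 and TLSv1.2. Because the options are set on the context in tor_tls_context_new(), they apply to every connection made from that context and not only to 0.2.2.x clients, so the comment should also mark this as a temporary workaround to be removed once the renegotiation failure itself is fixed.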
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6033#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online