[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/release-0.2.2] Fix comment about TLSv1_method() per comments by wanoskarnet
commit c78a314e95ef7f0d05e9d58066ee6bf6795ee9d7
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Mon Jan 9 16:40:21 2012 -0500
Fix comment about TLSv1_method() per comments by wanoskarnet
---
src/common/tortls.c | 13 ++++---------
1 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 37074de..f7a15b0 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -777,15 +777,10 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
}
#if 0
- /* Tell OpenSSL to only use TLS1. This would actually break compatibility
- * with clients that are configured to use SSLv23_method(), so we should
- * probably never use it.
- */
- /* XXX wanoskarnet says this comment is bunk -- that even if we turn
- * this line on, clients configured to use SSLv23 would still able to
- * talk to us. But he also says it's ok to leave it out. I suggest we
- * delete this whole clause (the one that's #if 0'ed out). I'll leave
- * it in place until Nick expresses an opinion. -RD */
+ /* Tell OpenSSL to only use TLS1. This may have subtly different results
+ * from SSLv23_method() with SSLv2 and SSLv3 disabled, so we need to do some
+ * investigation before we consider adjusting it. It should be compatible
+ * with existing Tors. */
if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
goto error;
#endif
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits