[tor-bugs] #6033 [Tor Bridge]: 0.2.2.35 can't connect to 0.2.3.15-alpha bridges
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Jun 2 16:28:29 UTC 2012
#6033: 0.2.2.35 can't connect to 0.2.3.15-alpha bridges
------------------------+---------------------------------------------------
Reporter: murble | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Bridge | Version: Tor: 0.2.3.15-alpha
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by murble):
No, 0.2.3.14-alpha doesn't work either.
It seems to be an openssl 1.0.1 supporting newer TLS problem. The TBB I've
tested with are linked with openssl 1.0.1c. During the renegotiation
the client claims to support v1.2 and dies with the above message
when we try and speak TLSv1.2.
As a quick workaround I set SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_1
on the 0.2.3.15 bridge.
E.g.:
{{{
diff --git a/src/common/tortls.c b/src/common/tortls.c
index cffba2e..bf29ae2 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1174,6 +1174,9 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned
int ke
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
goto error;
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
+ /* Disable TLSv1.x handshakes so we work with 0.2.2.x clients */
+ SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_2);
+ SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
if (
#ifdef DISABLE_SSL3_HANDSHAKE
}}}
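Review bot: the two added SSL_CTX_set_options() calls in tor_tls_context_new() use SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 with no preprocessor guard, and those macros are only defined by OpenSSL 1.0.1 and later, so this will not compile against older OpenSSL headers; wrap each in #ifdef SSL_OP_NO_TLSv1_1 / #ifdef SSL_OP_NO_TLSv1_2. The added comment says "Disable TLSv1.x handshakes", but only TLS 1.1 and 1.2 are turned off while TLS 1.0 stays enabled, so the comment should name the versions exactly. The options are also set unconditionally on every context this function builds, which caps the protocol version for all peers rather than only for 0.2.2.x clients; if this is meant as a stopgap, the comment should reference the ticket so it can be reverted once the renegotiation failure is fixed. The two calls can be merged into one by OR-ing the flags.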
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6033#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online