[tor-bugs] #11598 [Tor]: Investigate using of TLSv1_method instead of SSLv23_method
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 24 22:07:22 UTC 2014
#11598: Investigate using of TLSv1_method instead of SSLv23_method
-------------------------+---------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+---------------------
tortls.c
{{{
#if 0
/* Tell OpenSSL to only use TLS1. This may have subtly different
results
* from SSLv23_method() with SSLv2 and SSLv3 disabled, so we need to do
some
* investigation before we consider adjusting it. It should be
compatible
* with existing Tors. */
if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
goto error;
#endif
}}}
s23_*.c files of OpenSSL code doesn't seems like many eyes will looking
at.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11598>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list