Make the DH parameter we use for TLS match the one from Apache's mod_ssl

Our regular DH parameters that we use for circuit and rendezvous crypto are unchanged. This is yet another small step on the path of protocol fingerprinting resistance. (Backport from 0.2.2's 5ed73e3807d90dd0a3)
author: Nick Mathewson <nickm@torproject.org> 2011-01-24 16:03:14 -0500
committer: Nick Mathewson <nickm@torproject.org> 2011-02-10 15:55:06 -0500
commit: 50c259d763c7471588b4e1f242695d2652e4284b (patch)
tree: 95018c9f25fde4fbf49338ecfb6af098b8558ecb /src/or/onion.c
parent: 5fc6967956610111d8cf24792ddf000bd83b4b86 (diff)
download: tor-50c259d763c7471588b4e1f242695d2652e4284b.tar
tor-50c259d763c7471588b4e1f242695d2652e4284b.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/or/onion.c b/src/or/onion.c
index bf72b4cab..e455a5263 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -173,7 +173,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
   *handshake_state_out = NULL;
   memset(onion_skin_out, 0, ONIONSKIN_CHALLENGE_LEN);
 
-  if (!(dh = crypto_dh_new()))
+  if (!(dh = crypto_dh_new(DH_TYPE_CIRCUIT)))
     goto err;
 
   dhbytes = crypto_dh_get_bytes(dh);
@@ -247,7 +247,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
     goto err;
   }
 
-  dh = crypto_dh_new();
+  dh = crypto_dh_new(DH_TYPE_CIRCUIT);
   if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
     log_info(LD_GENERAL, "crypto_dh_get_public failed.");
     goto err;
author	Nick Mathewson <nickm@torproject.org>	2011-01-24 16:03:14 -0500
committer	Nick Mathewson <nickm@torproject.org>	2011-02-10 15:55:06 -0500
commit	50c259d763c7471588b4e1f242695d2652e4284b (patch)
tree	95018c9f25fde4fbf49338ecfb6af098b8558ecb /src/or/onion.c
parent	5fc6967956610111d8cf24792ddf000bd83b4b86 (diff)
download	tor-50c259d763c7471588b4e1f242695d2652e4284b.tar tor-50c259d763c7471588b4e1f242695d2652e4284b.tar.gz