aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2012-01-04 17:15:50 -0500
committerNick Mathewson <nickm@torproject.org>2012-01-05 12:28:55 -0500
commitdb78fe45898a6d03727f8db68642bfebdfc10bf8 (patch)
tree95bc50fe1ee0f11ff18624f6529e2cce5c879825
parentdf17b62d54fb11949ec581dedc5dc03673edcfae (diff)
downloadtor-db78fe45898a6d03727f8db68642bfebdfc10bf8.tar
tor-db78fe45898a6d03727f8db68642bfebdfc10bf8.tar.gz
Disable SSLv3 when using a not-up-to-date openssl
This is to address bug 4822, and CVE-2011-4576.
-rw-r--r--src/common/tortls.c31
1 files changed, 28 insertions, 3 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index cc805f80c..22b0e3172 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -64,6 +64,16 @@
#define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer")
+#if (OPENSSL_VERSION_NUMBER < 0x0090813fL || \
+ (OPENSSL_VERSION_NUMBER >= 0x00909000L && \
+ OPENSSL_VERSION_NUMBER < 0x1000006fL))
+/* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have
+ * the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and
+ * SSL3 safely at the same time.
+ */
+#define DISABLE_SSL3_HANDSHAKE
+#endif
+
/* We redefine these so that we can run correctly even if the vendor gives us
* a version of OpenSSL that does not match its header files. (Apple: I am
* looking at you.)
@@ -739,16 +749,31 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
result->key = crypto_pk_dup_key(rsa);
}
-#ifdef EVERYONE_HAS_AES
- /* Tell OpenSSL to only use TLS1 */
+#if 0
+ /* Tell OpenSSL to only use TLS1. This would actually break compatibility
+ * with clients that are configured to use SSLv23_method(), so we should
+ * probably never use it.
+ */
if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
goto error;
-#else
+#endif
+
/* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
goto error;
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
+
+ if (
+#ifdef DISABLE_SSL3_HANDSHAKE
+ 1 ||
#endif
+ SSLeay() < 0x0090813fL ||
+ (SSLeay() >= 0x00909000L &&
+ SSLeay() < 0x1000006fL)) {
+ /* And not SSL3 if it's subject to CVE-2011-4657. */
+ SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
+ }
+
SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION