diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-01-24 16:03:14 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-02-10 15:55:06 -0500 |
| commit | 50c259d763c7471588b4e1f242695d2652e4284b (patch) | |
| tree | 95018c9f25fde4fbf49338ecfb6af098b8558ecb /src/common/tortls.c | |
| parent | 5fc6967956610111d8cf24792ddf000bd83b4b86 (diff) | |
| download | tor-50c259d763c7471588b4e1f242695d2652e4284b.tar tor-50c259d763c7471588b4e1f242695d2652e4284b.tar.gz | |
Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
(Backport from 0.2.2's 5ed73e3807d90dd0a3)
Diffstat (limited to 'src/common/tortls.c')
| -rw-r--r-- | src/common/tortls.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 1d597e295..7735618ea 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -684,7 +684,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) if (!SSL_CTX_check_private_key(result->ctx)) goto error; { - crypto_dh_env_t *dh = crypto_dh_new(); + crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS); SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh)); crypto_dh_free(dh); } |