From 72c1e5acfe1c6f04f4d7d398fc4a964d4bc5b62e Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Thu, 19 Sep 2013 10:40:41 -0400
Subject: Switch ECDHE group default logic for bridge/relay TLS

According to the manpage, bridges use P256 for conformity and relays use P224 for speed. But skruffy points out that we've gotten it backwards in the code. In this patch, we make the default P256 for everybody. Fixes bug 9780; bugfix on 0.2.4.8-alpha.
---
 src/common/tortls.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'src/common')

diff --git a/src/common/tortls.c b/src/common/tortls.c
index b7e5bc1a5..72f6c405c 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1369,10 +1369,8 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
       nid = NID_secp224r1;
     else if (flags & TOR_TLS_CTX_USE_ECDHE_P256)
       nid = NID_X9_62_prime256v1;
-    else if (flags & TOR_TLS_CTX_IS_PUBLIC_SERVER)
-      nid = NID_X9_62_prime256v1;
     else
-      nid = NID_secp224r1;
+      nid = NID_X9_62_prime256v1;
     /* Use P-256 for ECDHE. */
     ec_key = EC_KEY_new_by_curve_name(nid);
     if (ec_key != NULL) /*XXXX Handle errors? */
-- 
cgit v1.2.3
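Review bot: After this change the `else if (flags & TOR_TLS_CTX_USE_ECDHE_P256)` branch and the `else` branch assign the same value, so the chain still reads as if three outcomes were possible when only two are; collapsing it to `nid = (flags & TOR_TLS_CTX_USE_ECDHE_P224) ? NID_secp224r1 : NID_X9_62_prime256v1;` makes the new default visible at a glance, and if nothing else reads `TOR_TLS_CTX_IS_PUBLIC_SERVER` the flag may now be dead and worth retiring. The context comment `/* Use P-256 for ECDHE. */` that follows the chain is now wrong whenever P-224 was explicitly requested; `/* Default to P-256; use P-224 only when TOR_TLS_CTX_USE_ECDHE_P224 was requested. */` would state the policy the code actually implements. When both USE_ECDHE flags are set the first test wins and P-224 is selected, which neither the code nor the commit message documents. tor_tls_context_new begins before and continues after this hunk.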