* If <b>server_identity</b> is NULL, this will not generate a server
* TLS context. If TOR_TLS_CTX_IS_PUBLIC_SERVER is set in <b>flags</b>, use
* the same TLS context for incoming and outgoing connections, and
- * ignore <b>client_identity</b>. If one of TOR_TLS_CTX_USE_ECDHE_P{224,256}
- * is set in <b>flags</b>, use that ECDHE group if possible; otherwise use
- * the default ECDHE group. */
+ * ignore <b>client_identity</b>.
+ */
int
tor_tls_context_init(unsigned flags,
crypto_pk_t *client_identity,
void tor_tls_free_all(void);
#define TOR_TLS_CTX_IS_PUBLIC_SERVER (1u<<0)
-#define TOR_TLS_CTX_USE_ECDHE_P256 (1u<<1)
-#define TOR_TLS_CTX_USE_ECDHE_P224 (1u<<2)
void tor_tls_init(void);
void tls_log_errors(tor_tls_t *tls, int severity, int domain,
#if defined(SSL_CTX_set1_groups_list) || defined(HAVE_SSL_CTX_SET1_GROUPS_LIST)
{
const char *list;
- if (flags & TOR_TLS_CTX_USE_ECDHE_P224)
- list = "P-224:P-256";
- else if (flags & TOR_TLS_CTX_USE_ECDHE_P256)
- list = "P-256:P-224";
- else
- list = "P-256:P-224";
+ list = "P-256:P-224";
int r = (int) SSL_CTX_set1_groups_list(result->ctx, list);
if (r < 0)
goto error;
if (! is_client) {
int nid;
EC_KEY *ec_key;
- if (flags & TOR_TLS_CTX_USE_ECDHE_P224)
- nid = NID_secp224r1;
- else if (flags & TOR_TLS_CTX_USE_ECDHE_P256)
- nid = NID_X9_62_prime256v1;
- else
- nid = NID_tor_default_ecdhe_group;
- /* Use P-256 for ECDHE. */
+ nid = NID_tor_default_ecdhe_group;
ec_key = EC_KEY_new_by_curve_name(nid);
if (ec_key != NULL) /*XXXX Handle errors? */
SSL_CTX_set_tmp_ecdh(result->ctx, ec_key);
projects / thirdparty / tor.git / commitdiff
