Log at info level when disabling SSLv3

author Robert Ransom <rransom.8774@gmail.com>

Thu, 5 Jan 2012 04:41:28 +0000 (20:41 -0800)

committer Nick Mathewson <nickm@torproject.org>

Thu, 5 Jan 2012 17:28:56 +0000 (12:28 -0500)
author Robert Ransom <rransom.8774@gmail.com>
Thu, 5 Jan 2012 04:41:28 +0000 (20:41 -0800)
committer Nick Mathewson <nickm@torproject.org>
Thu, 5 Jan 2012 17:28:56 +0000 (12:28 -0500)
diff --git a/src/common/tortls.c b/src/common/tortls.c

index 22b0e31726dc5c00981499cc3467ca104984e286..d88a59b9c700d8640ff1b6fd1907105cef9e8558 100644 (file)
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -771,6 +771,12 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
        (SSLeay() >= 0x00909000L &&
         SSLeay() <  0x1000006fL)) {
      /* And not SSL3 if it's subject to CVE-2011-4657. */
+    log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version "
+             "might otherwise be vulnerable to CVE-2011-4657 "
+             "(compile-time version %08lx (%s); "
+             "runtime version %08lx (%s))",
+             OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
+             SSLeay(), SSLeay_version(SSLEAY_VERSION));
      SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
    }
author	Robert Ransom <rransom.8774@gmail.com>
	Thu, 5 Jan 2012 04:41:28 +0000 (20:41 -0800)
committer	Nick Mathewson <nickm@torproject.org>
	Thu, 5 Jan 2012 17:28:56 +0000 (12:28 -0500)