commit c78a314e95ef7f0d05e9d58066ee6bf6795ee9d7 Author: Nick Mathewson <nickm@torproject.org> Date: Mon Jan 9 16:40:21 2012 -0500 Fix comment about TLSv1_method() per comments by wanoskarnet --- src/common/tortls.c | 13 ++++--------- 1 files changed, 4 insertions(+), 9 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 37074de..f7a15b0 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -777,15 +777,10 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime, } #if 0 - /* Tell OpenSSL to only use TLS1. This would actually break compatibility - * with clients that are configured to use SSLv23_method(), so we should - * probably never use it. - */ - /* XXX wanoskarnet says this comment is bunk -- that even if we turn - * this line on, clients configured to use SSLv23 would still able to - * talk to us. But he also says it's ok to leave it out. I suggest we - * delete this whole clause (the one that's #if 0'ed out). I'll leave - * it in place until Nick expresses an opinion. -RD */ + /* Tell OpenSSL to only use TLS1. This may have subtly different results + * from SSLv23_method() with SSLv2 and SSLv3 disabled, so we need to do some + * investigation before we consider adjusting it. It should be compatible + * with existing Tors. */ if (!(result->ctx = SSL_CTX_new(TLSv1_method()))) goto error; #endif