commit 63353e75cb2fc02d0d1563fbbab106853bce1c02
parent 8501a9990d14390b0723e30607d0a5dfabbe31c2
Author: David Goulet <dgoulet@torproject.org>
Date: Tue, 30 Sep 2025 09:56:51 -0400
Merge branch 'maint-0.4.8'
Diffstat:
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/changes/bug41134 b/changes/bug41134
@@ -0,0 +1,3 @@
+ o Major bugfixes (client, TLS):
+ - Fix some clients not being able to connect to LibreSSL relays.
+ Fixes bug 41134; bugfix on 0.4.8.17
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
@@ -561,14 +561,17 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
// that supports ML-KEM also supports the ? syntax.
// We also use the * and / syntaxes:
// '*' indicates that the client should send these keyshares.
- // "/" means that we should consider a set of of groups
- // as equivalently secure.
+ // "/" separates tuples of groups that are "comparably secure".
//
// Note that we tell the client to send a P-256 keyshare, since until
// this commit, our servers didn't accept X25519.
+ //
+ // Also note that until the upstream LibreSSL bug from tor#41134 gets
+ // fixed, the order of groups common between each preference list must
+ // be the same. We can't prefer P-256 in one, and X25519 in another.
{
OPENSSL_V_SERIES(3,5,0),
- "?*X25519MLKEM768 / ?SecP256r1MLKEM768:?X25519 / *P-256:P-224"
+ "?*X25519MLKEM768 / ?SecP256r1MLKEM768 / *P-256:?X25519:P-224"
},
{ 0, "P-256:X25519:P-224" },
{ 0, "P-256:P-224" },
