commit b938b1f329646dc6b884011f35a9a7529d61c931
parent f83638b6bccbc45f6a42f73f2517d51690042595
Author: David Goulet <dgoulet@torproject.org>
Date: Tue, 30 Sep 2025 09:56:45 -0400
Merge branch 'tor-gitlab/mr/936' into maint-0.4.8
Diffstat:
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/changes/bug41134 b/changes/bug41134
@@ -0,0 +1,3 @@
+ o Major bugfixes (client, TLS):
+ - Fix some clients not being able to connect to LibreSSL relays.
+ Fixes bug 41134; bugfix on 0.4.8.17
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
@@ -696,14 +696,17 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
// that supports ML-KEM also supports the ? syntax.
// We also use the * and / syntaxes:
// '*' indicates that the client should send these keyshares.
- // "/" means that we should consider a set of of groups
- // as equivalently secure.
+ // "/" separates tuples of groups that are "comparably secure".
//
// Note that we tell the client to send a P-256 keyshare, since until
// this commit, our servers didn't accept X25519.
+ //
+ // Also note that until the upstream LibreSSL bug from tor#41134 gets
+ // fixed, the order of groups common between each preference list must
+ // be the same. We can't prefer P-256 in one, and X25519 in another.
{
OPENSSL_V_SERIES(3,5,0),
- "?*X25519MLKEM768 / ?SecP256r1MLKEM768:?X25519 / *P-256:P-224"
+ "?*X25519MLKEM768 / ?SecP256r1MLKEM768 / *P-256:?X25519:P-224"
},
{ 0, "P-256:X25519:P-224" },
{ 0, "P-256:P-224" },
