path: root/changes/issue-2011-10-19L
author Nick Mathewson <nickm@torproject.org> 2011-10-23 16:06:06 +0000
committer Sebastian Hahn <sebastian@torproject.org> 2011-10-26 23:20:56 +0200
commit 638fdedcf16cf7d6f7c586d36f7ef335c1c9714f
tree 4b755d680ebf0636d72dd6ad29e39af38a8932bb /changes/issue-2011-10-19L
parent a166f1041444c133d0617d998cba6a1e41c8002f
Don't send a certificate chain on outgoing TLS connections from non-relays
Diffstat (limited to 'changes/issue-2011-10-19L')
-rw-r--r-- changes/issue-2011-10-19L | 12
1 files changed, 12 insertions, 0 deletions
diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L
new file mode 100644
index 0000000000..972823eeea
--- /dev/null
+++ b/changes/issue-2011-10-19L
@@ -0,0 +1,12 @@
+ o Security fixes:
+
+ - Don't send TLS certificate chains on outgoing OR connections
+ from clients and bridges. Previously, each client or bridge
+ would use a single cert chain for all outgoing OR connections
+ for up to 24 hours, which allowed any relay connected to by a
+ client or bridge to determine which entry guards it is using.
+ This is a potential user-tracing bug for *all* users; everyone
+ who uses Tor's client or hidden service functionality should
+ upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by
+ frosty_un.
+
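Review bot: "Bugfix on FIXME;" in the next-to-last paragraph line leaves the introducing-version placeholder unresolved, and since this file is merged into the release changelog as written, the placeholder would ship verbatim. Replace FIXME with the Tor version in which clients and bridges first started reusing one certificate chain for all outgoing OR connections (that version is not visible in this diff), e.g. "Fixes CVE-2011-2768. Bugfix on <version>; found by frosty_un." Minor: the entry is filed under "Security fixes", so it is worth stating explicitly that the change applies only to clients and bridges and leaves relay behaviour unchanged, matching the commit subject "from non-relays".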