author Nick Mathewson <nickm@torproject.org> 2011-11-25 17:00:47 -0500
committer Nick Mathewson <nickm@torproject.org> 2011-11-25 17:00:47 -0500
commit e5f2f10844dc2445f8cf2f0dc8ec92bc4ce65d63
tree fae7b809f8c8470921c1b38be572e231b0af7709 /changes
parent b1bd30c24c4d9ee1a760c0fb28e18bc597bb0df5
parent 406ae1ba5ad529a4d0e710229dab6ed645d42b50
Merge remote-tracking branch 'asn/bug4312'
Diffstat (limited to 'changes')
-rw-r--r-- changes/bug4312 11
1 files changed, 11 insertions, 0 deletions
diff --git a/changes/bug4312 b/changes/bug4312
new file mode 100644
index 0000000000..f8647d3c76
--- /dev/null
+++ b/changes/bug4312
@@ -0,0 +1,11 @@
+ o Security fixes:
+
+ - Block excess renegotiations even if they are RFC5746 compliant.
+ This mitigates potential SSL Denial of Service attacks that use
+ SSL renegotiation as a way of forcing the server to perform
+ unneeded computationally expensive SSL handshakes. Implements
+ #4312.
+
+ - Fix a bug where tor would not notice excess renegotiation
+ attempts before it received the first data SSL record. Fixes
+ part of #4312.
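Review bot: The second entry ("Fix a bug where tor would not notice excess renegotiation attempts before it received the first data SSL record") does not say which versions carried the bug, so a relay operator reading the changelog cannot tell whether a given build is exposed; consider naming the affected version after "Fixes part of #4312." The first entry also leaves "excess" undefined: stating the limit that is enforced, or where it is set, would let operators connect the new connection closes they see to this change. Since the first entry says the block applies "even if they are RFC5746 compliant", it would help to add a few words on why secure renegotiation alone does not address the handshake-cost problem, because readers may otherwise assume RFC 5746 support was already sufficient.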