diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-10-15 11:50:05 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-10-15 11:50:05 -0400 |
| commit | af73d3e4d83ba7f404068008ad617e02b8a0a77b (patch) | |
| tree | 1ecc24b53517d920ffcc98f127cfb79749481fcc /changes | |
| parent | b98e3f993617fb6cb2e5f41bfa49c16a21965a4c (diff) | |
| download | tor-af73d3e4d83ba7f404068008ad617e02b8a0a77b.tar.gz tor-af73d3e4d83ba7f404068008ad617e02b8a0a77b.zip | |
Disable SSLv3 unconditionally. Closes ticket 13426.
The POODLE attack doesn't affect Tor, but there's no reason to tempt
fate: SSLv3 isn't going to get any better.
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/disable_sslv3 | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/changes/disable_sslv3 b/changes/disable_sslv3 new file mode 100644 index 0000000000..bb4c2df7a2 --- /dev/null +++ b/changes/disable_sslv3 @@ -0,0 +1,4 @@ + o Major security fixes: + - Disable support for SSLv3. All versions of OpenSSL in use with + Tor today support TLS 1.0 or later, so we can safely turn off + support for this old (and insecure) protocol. Fixes bug 13426. |