diff options
Diffstat (limited to 'changes/bug7139')
| -rw-r--r-- | changes/bug7139 | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug7139 b/changes/bug7139 new file mode 100644 index 0000000000..dfb7d32838 --- /dev/null +++ b/changes/bug7139 @@ -0,0 +1,9 @@ + o Major bugfixes (security): + + - Disable TLS session tickets. OpenSSL's implementation were giving + our TLS session keys the lifetime of our TLS context objects, when + perfect forward secrecy would want us to discard anything that + could decrypt a link connection as soon as the link connection was + closed. Fixes bug 7139; bugfix on all versions of Tor linked + against OpenSSL 1.0.0 or later. Found by "nextgens". + |