Diffstat (limited to 'changes')
-rw-r--r-- | changes/bug7139 | 9 |
-rw-r--r-- | changes/dirserv-BUGGY-a | 7 |
2 files changed, 16 insertions, 0 deletions
diff --git a/changes/bug7139 b/changes/bug7139 new file mode 100644 index 0000000000..dfb7d32838 --- /dev/null +++ b/changes/bug7139 @@ -0,0 +1,9 @@ + o Major bugfixes (security): + + - Disable TLS session tickets. OpenSSL's implementation were giving + our TLS session keys the lifetime of our TLS context objects, when + perfect forward secrecy would want us to discard anything that + could decrypt a link connection as soon as the link connection was + closed. Fixes bug 7139; bugfix on all versions of Tor linked + against OpenSSL 1.0.0 or later. Found by "nextgens". + diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a new file mode 100644 index 0000000000..35b492a2d7 --- /dev/null +++ b/changes/dirserv-BUGGY-a @@ -0,0 +1,7 @@ + o Minor bugfixes: + + - Don't serve or accept v2 hidden service descriptors over a + relay's DirPort. It's never correct to do so, and disabling it + might make it more annoying to exploit any bugs that turn up in the + descriptor-parsing code. Fixes bug 7149. + |
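Review bot: In changes/bug7139, the first sentence of the entry has a subject-verb mismatch: "OpenSSL's implementation were giving" should read "OpenSSL's implementation was giving". The entry also says only "Disable TLS session tickets" without stating whether this applies to the server side, the client side, or both; a few words on that would let relay operators and reviewers check the entry against the code change it describes.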
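Review bot: In changes/dirserv-BUGGY-a, the file name does not follow the bug-number naming used by changes/bug7139 even though the entry ends with "Fixes bug 7149"; renaming it to changes/bug7149 would keep the changes directory searchable by ticket. The entry also lacks the "bugfix on ..." clause that the bug7139 entry carries, so a reader cannot tell which releases serve or accept v2 hidden service descriptors over the DirPort. Since the stated motivation is to "make it more annoying to exploit any bugs" in the descriptor-parsing code, consider marking the section as hardening rather than plain "Minor bugfixes".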