changes/bug4312


1
2
3
4
5
6
7
8
9
10
11

  o Security fixes:

    - Block excess renegotiations even if they are RFC5746 compliant.
      This mitigates potential SSL Denial of Service attacks that use
      SSL renegotiation as a way of forcing the server to perform
      unneeded computationally expensive SSL handshakes. Implements
      #4312.

    - Fix a bug where tor would not notice excess renegotiation
      attempts before it received the first data SSL record. Fixes
      part of #4312.