Nick Mathewson
df6bd478ee
Implement the client side of proposal 198
...
This is a feature removal: we no longer fake any ciphersuite other
than the not-really-standard SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
(0xfeff). This change will let servers rely on our actually
supporting what we claim to support, and thereby let Tor migrate to
better TLS ciphersuites.
As a drawback, Tor instances that use old openssl versions and
openssl builds with ciphers disabled will no longer give the
"firefox" cipher list.
2012-06-13 12:06:28 -04:00
Nick Mathewson
89c1689009
Change our ciphersuite list to match ff8
2012-05-15 15:25:54 -04:00
Nick Mathewson
bd0657602d
get_mozilla_ciphers: look at ssl3con.c, not sslenum.c
2012-03-14 18:36:58 -04:00
Nick Mathewson
c2ed9a2940
get_mozilla_ciphers: output lowercase hex.
2012-03-14 18:19:21 -04:00
Nick Mathewson
c5dca8f208
Try to make get_mozilla_ciphers output the right macros in the right order
2012-03-14 17:53:17 -04:00
Nick Mathewson
092b9aca8c
Have get_mozilla_ciphers take sourcedirs as arguments
2012-03-14 16:53:39 -04:00
Nick Mathewson
a6a905cc11
Make get_mozilla_ciphers script a little more regexy and readable
2012-03-14 16:45:38 -04:00
Nick Mathewson
db07aaf45f
Script to generate ciphers.inc by Arturo
2012-03-14 16:01:15 -04:00
Nick Mathewson
ec1bc8a979
Use a given name in the bug5090 message, at its holder's request.
2012-03-09 14:50:46 -05:00
Nick Mathewson
99bd5400e8
Never choose a bridge as an exit. Bug 5342.
2012-03-09 14:27:50 -05:00
Nick Mathewson
8abfcc0804
Revise "sufficient exit nodes" check to work with restrictive ExitNodes
...
If you set ExitNodes so that only 1 exit node is accepted, the
previous patch would have made you unable to build circuits.
2012-03-09 14:23:23 -05:00
Nick Mathewson
a574f7f3fe
Merge branch 'bug5343' into maint-0.2.2
2012-03-09 13:54:04 -05:00
Nick Mathewson
31f253ae6a
Oops; credit bug5090 patch to flupzor. estebanm only found the bug.
2012-03-09 11:54:27 -05:00
Nick Mathewson
be0535f00b
Correctly handle broken escape sequences in torrc values
...
Previously, malformatted torrc values could crash us.
Patch by Esteban Manchado. Fixes bug 5090; fix on 0.2.0.16-alpha.
2012-03-09 11:50:22 -05:00
Nick Mathewson
ec8a06c5a1
Require a threshold of exit nodes before building circuits
...
This mitigates an attack proposed by wanoskarnet, in which all of a
client's bridges collude to restrict the exit nodes that the client
knows about. Fixes bug 5343.
2012-03-08 15:42:54 -05:00
Sebastian Hahn
fe50b676bc
Fix compile warnings in openbsd malloc
2012-03-08 19:28:59 +01:00
Nick Mathewson
9d5d3a7fd4
Merge remote-tracking branch 'karsten/geoip-march2012' into maint-0.2.2
2012-03-08 10:50:03 -05:00
Karsten Loesing
c5d7ee714f
Update to the March 2012 GeoIP database.
2012-03-08 09:35:15 +01:00
Roger Dingledine
e21756908f
new ip address for maatuska
2012-02-29 13:22:41 -05:00
Sebastian Hahn
8ce6722d76
Properly protect paths to sed, sha1sum, openssl
...
in Makefile.am, we used it without quoting it, causing build failure if
your openssl/sed/sha1sum happened to live in a directory with a space in
it (very common on windows)
2012-02-10 20:12:03 +01:00
Nick Mathewson
c8b855082b
Downgrade "missing a certificate" from notice to info
...
It was apparently getting mistaken for a problem, even though it was
at notice.
Fixes 5067; fix on 0.2.0.10-alpha.
2012-02-10 12:01:56 -05:00
Nick Mathewson
2da0efb547
Use correct CVE number for CVE-2011-4576. Found by fermenthor. bug 5066
2012-02-10 10:55:39 -05:00
Roger Dingledine
a70ff4b2cb
Merge branch 'maint-0.2.1' into maint-0.2.2
2012-02-09 04:21:08 -05:00
Roger Dingledine
85c539009a
Revert "add a "docs" to the manual URI as listed in torrc.sample.in"
...
This reverts commit 55e8cae815
.
The conversation from irc:
> weasel: i had intended to leave torrc.sample.in alone in maint-0.2.2,
since i don't want to make all your stable users have to deal with
a torrc change. but nickm changed it. is it in fact the case that a
change in that file means a change in the deb?
<weasel> it means you'll prompt every single user who ever touched
their torrc
<weasel> and they will be asked if they like your new version better
than what they have right now
<weasel> so it's not great
Instead I changed the website to redirect requests for the tor-manual
URL listed in maint-0.2.2's torrc.sample.in so the link will still work.
2012-02-09 03:57:04 -05:00
Karsten Loesing
4180624a7d
Update to the February 2012 GeoIP database.
2012-02-09 09:16:24 +01:00
Nick Mathewson
55e8cae815
add a "docs" to the manual URI as listed in torrc.sample.in
2012-02-08 10:52:05 -05:00
Roger Dingledine
688903e919
Update "ClientOnly" man page entry
...
There isn't really any point to messing with it. Resolves ticket 5005.
2012-02-02 02:31:28 -05:00
Nick Mathewson
6d595fa4cf
Merge remote-tracking branch 'public/bug4533_part2' into maint-0.2.2
2012-01-18 15:29:25 -05:00
Nick Mathewson
676bba8e0c
Documentation for GiveGuardFlagTo... option
2012-01-18 14:44:29 -05:00
Nick Mathewson
dd4b1a2ac6
Fix SOCKET_OK test on win64.
...
Bugfix on 0.2.2.29-beta; partial fix for 4533; found by wanoskarnet
2012-01-18 10:48:29 -05:00
Nick Mathewson
0126150c2d
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
2012-01-11 11:07:13 -05:00
Nick Mathewson
8d5c0e58ea
Fix a compilation warning for our bug4822 fix on 64-bit linux
2012-01-11 11:06:31 -05:00
Nick Mathewson
c78a314e95
Fix comment about TLSv1_method() per comments by wanoskarnet
2012-01-09 16:40:21 -05:00
Nick Mathewson
6fd61cf767
Fix a trivial log message error in renservice.c
...
Fixes bug 4856; bugfix on 0.0.6
This bug was introduced in 79fc5217
, back in 2004.
2012-01-09 12:21:04 -05:00
Roger Dingledine
cc1580dbe0
when the consensus fails, list which dir auths were in or out
2012-01-08 12:14:44 -05:00
Roger Dingledine
04bf17c50c
nickname, not identity fingerprint, will help more
2012-01-08 12:09:01 -05:00
Roger Dingledine
78e95b7b71
tell me who votes are actually for, not just where they're from
2012-01-08 10:03:46 -05:00
Roger Dingledine
1416dd47a9
add a note from wanoskarnet
...
he disagrees about what the code that we decided not to use would do
2012-01-08 09:03:03 -05:00
Nick Mathewson
ccd8289958
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
2012-01-05 14:16:30 -05:00
Nick Mathewson
b839ace7d0
Merge branch 'bug4822_021_v2_squashed' into maint-0.2.1
2012-01-05 14:11:42 -05:00
Robert Ransom
4752b34879
Log at info level when disabling SSLv3
2012-01-05 12:28:56 -05:00
Nick Mathewson
0a00678e56
Add a changes file for bug4822
2012-01-05 12:28:55 -05:00
Nick Mathewson
db78fe4589
Disable SSLv3 when using a not-up-to-date openssl
...
This is to address bug 4822, and CVE-2011-4576.
2012-01-05 12:28:55 -05:00
Roger Dingledine
a1074c7aa2
Merge branch 'maint-0.2.1' into maint-0.2.2
2012-01-05 06:45:28 -05:00
Roger Dingledine
df17b62d54
add a changes file for ticket 4825
2012-01-05 06:42:26 -05:00
Karsten Loesing
1db1b23a7b
Update to the January 2012 GeoIP database.
2012-01-05 11:10:57 +01:00
Sebastian Hahn
d861b4cc9d
Fix spelling in a controlsocket log msg
...
Fixes bug 4803.
2011-12-30 23:27:02 +01:00
Nick Mathewson
84bf8e3808
Merge remote-tracking branch 'public/bug4788' into maint-0.2.2
2011-12-28 16:50:45 -05:00
Nick Mathewson
c563551eef
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
2011-12-28 15:56:37 -05:00
Nick Mathewson
120a745346
Bug 4786 fix: don't convert EARLY to RELAY on v1 connections
...
We used to do this as a workaround for older Tors, but now it's never
the correct thing to do (especially since anything that didn't
understand RELAY_EARLY is now deprecated hard).
2011-12-28 15:54:06 -05:00