tor/changes/disable_sslv3
Nick Mathewson af73d3e4d8 Disable SSLv3 unconditionally. Closes ticket 13426.
The POODLE attack doesn't affect Tor, but there's no reason to tempt
fate: SSLv3 isn't going to get any better.
2014-10-15 11:50:05 -04:00

5 lines
232 B
Plaintext

o Major security fixes:
- Disable support for SSLv3. All versions of OpenSSL in use with
Tor today support TLS 1.0 or later, so we can safely turn off
support for this old (and insecure) protocol. Fixes bug 13426.