mirror repository of the tor core protocol in case of issues
Go to file
Nick Mathewson 6ad09cc6af Fix renegotiation on OpenSSL versions that backport RFC5746.
Our code assumed that any version of OpenSSL before 0.9.8l could not
possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.  This is
so... except that many vendors have backported the flag from later
versions of openssl when they backported the RFC5476 renegotiation
feature.

The new behavior is particularly annoying to detect.  Previously,
leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that
clients would fail to renegotiate.  People noticed that one fast!
Now, OpenSSL's RFC5476 support means that clients will happily talk to
any servers there are, but servers won't accept renegotiation requests
from unpatched clients unless SSL_OP_ALLOW_etc is set.  More fun:
servers send back a "no renegotiation for you!" error, which unpatched
clients respond to by stalling, and generally producing no useful
error message.

This might not be _the_ cause of bug 1346, but it is quite likely _a_
cause for bug 1346.
2010-04-13 15:05:03 -04:00
changes Fix renegotiation on OpenSSL versions that backport RFC5746. 2010-04-13 15:05:03 -04:00
contrib bump to 0.2.1.25 2010-03-15 18:08:29 -04:00
debian New upstream version 2009-11-13 19:57:10 +01:00
doc Add getinfo accepted-server-descriptor. Clean spec. 2009-08-31 18:37:25 -04:00
src Fix renegotiation on OpenSSL versions that backport RFC5746. 2010-04-13 15:05:03 -04:00
Win32Build r8906@Kushana: nickm | 2006-09-21 21:23:22 -0400 2006-09-22 01:23:28 +00:00
.gitignore Add *.swp to .gitignore as vim's editor dropping. 2009-05-27 12:10:37 -04:00
acinclude.m4 Add --enable-static-(openssl|libevent) options 2010-01-24 14:34:47 -05:00
AUTHORS r16997@catbus: nickm | 2007-12-06 18:56:33 -0500 2007-12-06 23:56:36 +00:00
autogen.sh r14641@catbus: nickm | 2007-08-17 17:53:14 -0400 2007-08-17 21:55:24 +00:00
ChangeLog give us a blurb; add stanza to the releasenotes 2010-03-16 00:44:30 -04:00
configure.in bump to 0.2.1.25 2010-03-15 18:08:29 -04:00
Doxyfile.in Doxygen whines bitterly unless I let it update the configfile 2007-10-15 19:05:20 +00:00
INSTALL we changed autogen.sh's behavior, so update the INSTALL file 2008-01-23 19:08:53 +00:00
LICENSE Update Tor Project copyright years 2010-02-27 17:14:21 -05:00
Makefile.am Update Tor Project copyright years 2010-02-27 17:14:21 -05:00
README update the (not very useful) readme 2008-12-07 23:41:10 +00:00
ReleaseNotes give us a blurb; add stanza to the releasenotes 2010-03-16 00:44:30 -04:00
tor.spec.in update requirements to openssl 0.9.7 2009-06-08 10:30:13 -04:00

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure; make; make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO

Frequently Asked Questions:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ