mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 21:23:58 +01:00
mirror repository of the tor core protocol in case of issues
841a8d551a
It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it decides to renegotiate, the client will send a record with version "1.0" rather than with the current TLS version. This would cause the connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor handshake was in use. As a workaround, disable TLS 1.1 and TLS 1.2. When a later version of OpenSSL is released, we can make this conditional on running a fixed version of OpenSSL. Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client side. But doing it this way for now means that we not only fix TLS with patched clients; we also fix TLS when the server has this patch and the client does not. That could be important to keep the network running well. Fixes bug 6033. |
||
---|---|---|
changes | ||
contrib | ||
doc | ||
src | ||
.gitignore | ||
acinclude.m4 | ||
autogen.sh | ||
ChangeLog | ||
configure.in | ||
Doxyfile.in | ||
INSTALL | ||
LICENSE | ||
Makefile.am | ||
README | ||
ReleaseNotes | ||
tor.spec.in |
Tor protects your privacy on the internet by hiding the connection between your Internet address and the services you use. We believe Tor is reasonably secure, but please ensure you read the instructions and configure it properly. To build Tor from source: ./configure && make && make install Home page: https://www.torproject.org/ Download new versions: https://www.torproject.org/download.html Documentation, including links to installation and setup instructions: https://www.torproject.org/documentation.html Making applications work with Tor: https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO Frequently Asked Questions: https://www.torproject.org/faq.html https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ