mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 21:23:58 +01:00
609065f165
The server-side clipping now clamps to one of two values, both for what to report, and how long to cache. Additionally, we move some defines to dns.h, and give them better names.
8 lines
416 B
Plaintext
8 lines
416 B
Plaintext
o Major features (security):
|
|
- Change the algorithm used to decide DNS TTLs on client and server side,
|
|
to better resist DNS-based correlation attacks like the DefecTor attack
|
|
of Greschbach, Pulls, Roberts, Winter, and Feamster). Now
|
|
relays only return one of two possible DNS TTL values, and clients
|
|
are willing to believe DNS TTL values up to 3 hours long.
|
|
Closes ticket 19769.
|