nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 04:13:28 +01:00
Code Issues Packages Projects Releases Wiki Activity
mirror repository of the tor core protocol in case of issues
10,966 Commits 53 Branches 630 Tags 128 MiB
C 94.4%
Python 1.5%
C++ 1.1%
Shell 1.1%
M4 0.9%
Other 0.8%
ce0a89e262
Go to file
Nick Mathewson ce0a89e262 Make Tor work with OpenSSL 0.9.8l 
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default.  We are not affected by this security problem, however,
since we do renegotiation right.  (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.

Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.

For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done.  There's no way to exploit a second handshake
either, but we might as well not allow it.
2009-11-05 18:13:08 -05:00
contrib bump to 0.2.1.20 2009-10-15 12:14:18 -04:00
debian Mention that this closes #538960 in the changelog 2009-07-29 12:49:52 +02:00
doc Add getinfo accepted-server-descriptor. Clean spec. 2009-08-31 18:37:25 -04:00
src Make Tor work with OpenSSL 0.9.8l 2009-11-05 18:13:08 -05:00
Win32Build r8906@Kushana: nickm | 2006-09-21 21:23:22 -0400 2006-09-22 01:23:28 +00:00
.gitignore Add *.swp to .gitignore as vim's editor dropping. 2009-05-27 12:10:37 -04:00
acinclude.m4 r17853@tombo: nickm | 2008-08-22 12:55:00 -0400 2008-08-22 16:55:28 +00:00
AUTHORS r16997@catbus: nickm | 2007-12-06 18:56:33 -0500 2007-12-06 23:56:36 +00:00
autogen.sh r14641@catbus: nickm | 2007-08-17 17:53:14 -0400 2007-08-17 21:55:24 +00:00
ChangeLog Make Tor work with OpenSSL 0.9.8l 2009-11-05 18:13:08 -05:00
configure.in bump to 0.2.1.20 2009-10-15 12:14:18 -04:00
Doxyfile.in Doxygen whines bitterly unless I let it update the configfile 2007-10-15 19:05:20 +00:00
INSTALL we changed autogen.sh's behavior, so update the INSTALL file 2008-01-23 19:08:53 +00:00
LICENSE Update the year for the copyright statement in two more files 2009-06-30 10:35:10 -04:00
Makefile.am make phobos's lines start with tabs again 2009-07-24 17:15:14 -04:00
README update the (not very useful) readme 2008-12-07 23:41:10 +00:00
ReleaseNotes credit optimist for the bug 1038 diagnosis 2009-07-28 20:44:51 -04:00
tor.spec.in update requirements to openssl 0.9.7 2009-06-08 10:30:13 -04:00

README 

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure; make; make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO

Frequently Asked Questions:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ