mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
e097bffaed
- Rename tor_tls_got_server_hello() to tor_tls_got_client_hello(). - Replaced some aggressive asserts with LD_BUG logging. They were the innocent "I believe I understand how these callbacks work, and this assert proves it" type of callbacks, and not the "If this statement is not true, computer is exploding." type of callbacks. - Added a changes file.
12 lines
461 B
Plaintext
12 lines
461 B
Plaintext
o Security fixes:
|
|
|
|
- Block excess renegotiations even if they are RFC5746 compliant.
|
|
This mitigates potential SSL Denial of Service attacks that use
|
|
SSL renegotiation as a way of forcing the server to perform
|
|
unneeded computationally expensive SSL handshakes. Implements
|
|
#4312.
|
|
|
|
- Fix a bug where tor would not notice excess renegotiation
|
|
attempts before it received the first data SSL record. Fixes
|
|
part of #4312.
|