[tor-bugs] #4822 [Tor Client]: Avoid vulnerability CVE-2011-4576 : Disable SSL3?
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Jan 5 02:13:33 UTC 2012
#4822: Avoid vulnerability CVE-2011-4576 : Disable SSL3?
------------------------+---------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: needs_review
Priority: critical | Milestone: Tor: 0.2.1.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by rransom):
Replying to [comment:7 nickm_mobile]:
> We could have clients use TLSv1_method, at least. That would be
something. Servers would probably need some disgusting hackery of the
info_cb variety.
This would make Tor clients' ClientHello messages distinguishable from
most other applications'. I don't think we're going to want to do that
until SSL 2 and 3 are really dead, and I'm not convinced that that will
ever happen.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4822#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list