[tor-bugs] #4822 [Tor Client]: Avoid vulnerability CVE-2011-4576 : Disable SSL3?
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Jan 6 18:53:27 UTC 2012
#4822: Avoid vulnerability CVE-2011-4576 : Disable SSL3?
---------------------------+------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: reopened
Priority: critical | Milestone: Tor: 0.2.1.x-final
Component: Tor Client | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
---------------------------+------------------------------------------------
Comment(by nickm):
I don't understand the comment. We don't actually use TLSv1_method
server-side, as far as I understand, and we're not planning to, since it
would make us reject non-TLS1 handshakes?
Also, what did we miss about SSL_OP_NO_SSLv2? We already set that option.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4822#comment:34>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list