[tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Oct 10 03:58:50 UTC 2012
#7070: tor disables the SSLv3 for OpenSSL 1.0.0j
--------------------+-------------------------------------------------------
Reporter: kukabu | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Keywords: | Parent: #4822
Points: | Actualpoints:
--------------------+-------------------------------------------------------
Comment(by arma):
Replying to [comment:3 nickm]:
> our best bet might be to just treat this as Fedora being Fedora, and
accept that we will sometimes mistake a Fedora openssl for an older one
than it really is. Other approaches -- like testing for the presence of
the bug at runtime, or trying to parse the human-readable version string
-- seem like they would be error-prone too, just in different ways.
How about letting config options choose Tor's behavior, and then the Tor
rpm can, if it knows what openssl it will secretly be using, turn on
behaviors that it wants?
I haven't yet heard about an openssl feature that we're missing so badly
that we should spend time on this issue though.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7070#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list