[tor-commits] [meek/master] Set TLSv1.0 as the minimum TLS version in meek-server.
dcf at torproject.org
dcf at torproject.org
Thu Oct 23 00:01:07 UTC 2014
commit 91d199b66a70fa43e652b6e5f0816d250d6f0bdc
Author: David Fifield <david at bamsoftware.com>
Date: Wed Oct 22 16:39:09 2014 -0700
Set TLSv1.0 as the minimum TLS version in meek-server.
As a mitigationn for POODLE. This was spotted by Jesse Victors.
---
meek-server/meek-server.go | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go
index 81a1757..669f329 100644
--- a/meek-server/meek-server.go
+++ b/meek-server/meek-server.go
@@ -248,6 +248,11 @@ func listenTLS(network string, addr *net.TCPAddr, certFilename, keyFilename stri
return nil, err
}
+ // Additionally disable SSLv3 because of the POODLE attack.
+ // http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
+ // https://code.google.com/p/go/source/detail?r=ad9e191a51946e43f1abac8b6a2fefbf2291eea7
+ config.MinVersion = tls.VersionTLS10
+
tlsListener := tls.NewListener(conn, config)
return tlsListener, nil
More information about the tor-commits
mailing list