your mail
andrew at torproject.org
Sun Jan 31 01:32:27 UTC 2010
On Sat, Jan 30, 2010 at 04:07:59PM -0700, rdump at river.com wrote 2.6K bytes in 72 lines about:
: If you have Vidalia.app containing tor 0.2.1.22, and you've also
: installed Apple's "Mac OS X Security Update 2010-001", you'll have
: noticed that Apple made some errors in their TLS renegotiation.
Thanks for the detailed writeup. Perhaps you want to view
https://bugs.torproject.org/flyspray/index.php?do=details&id=1225 and
the comments.
Or perhaps http://archives.seul.org/or/talk/Jan-2010/msg00253.html for
the current state of packages and fixes.
: Apple removed TLS renegotiation even for apps that both need TLS
: renegotiation and do it safely. Apple did this in spite of the upstream
: OpenSSL project having fixed the renegotiation vulnerability more
: sanely. Apple is apparently using a partial back-port of the fix.
Technically, they just disabled it. You can enable TLS renegotiation by
setting CPPFLAGS='-DSSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION=0x0010'
in front of configure.
--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject