[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #11521 [Tor]: Appears vulnerable to Heartbleed

Subject: [tor-bugs] #11521 [Tor]: Appears vulnerable to Heartbleed
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 14 Apr 2014 23:48:31 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 14 Apr 2014 19:48:42 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#11521: Appears vulnerable to Heartbleed
-------------------------------------------------+-------------------------
 Reporter:  Richard                              |          Owner:
     Type:  defect                               |         Status:  new
 Priority:  normal                               |      Milestone:
Component:  Tor                                  |        Version:
 Keywords:  tor-client, tbb-3.0, tbb-3.6, tbb-   |  Actual Points:
  helpdesk-frequent, tbb-beta-2                  |         Points:
Parent ID:                                       |
-------------------------------------------------+-------------------------
 Reported as using TLS 1.0, according to this website:
 https://www.howsmyssl.com/
 All my browsers except TOR give reassuring results on this site.
 Site reports that TOR's:
 "SSL Client is Bad",
 Version is TLS1.0 and is Very Old and possibly susceptible to the BEAST
 attack.
 Client supports cipher suites that are known to be INSECURE.

 Perhaps there is some purposeful obfuscation going on, or it is referring
 to the exit node - however the above site is consistent in its results.

 Thanks.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11521>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #11521 [TorBrowserButton]: Appears vulnerable to Heartbleed
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #11521 [Tor bundles/installation]: Appears vulnerable to Heartbleed
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #11520 [Tor]: "clear all current history" is leaving some history intact
Next by Author: Re: [tor-bugs] #11520 [TorBrowserButton]: "clear all current history" is leaving some history intact
Previous by thread: Re: [tor-bugs] #11520 [TorBrowserButton]: "clear all current history" is leaving some history intact
Next by thread: Re: [tor-bugs] #11521 [TorBrowserButton]: Appears vulnerable to Heartbleed
Index(es):
- Author
- Thread