Re: your mail
On Sat, Jan 30, 2010 at 04:07:59PM -0700, rdump@xxxxxxxxx wrote 2.6K bytes in 72 lines about:
: If you have Vidalia.app containing tor 0.2.1.22, and you've also
: installed Apple's "Mac OS X Security Update 2010-001", you'll have
: noticed that Apple made some errors in their TLS renegotiation.

Thanks for the detailed writeup. Perhaps you want to view
https://bugs.torproject.org/flyspray/index.php?do=details&id=1225 and
the comments.

Or perhaps http://archives.seul.org/or/talk/Jan-2010/msg00253.html for
the current state of packages and fixes.

: Apple removed TLS renegotiation even for apps that both need TLS
: renegotiation and do it safely. Apple did this in spite of the upstream
: OpenSSL project having fixed the renegotiation vulnerability more
: sanely. Apple is apparently using a partial back-port of the fix.

Technically, they just disabled it. You can enable TLS renegotiation by
setting CPPFLAGS='-DSSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION=0x0010'
in front of configure.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/