[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #4822 [Tor Client]: Avoid vulnerability CVE-2011-4576 : Disable SSL3?
#4822: Avoid vulnerability CVE-2011-4576 : Disable SSL3?
------------------------+---------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: needs_review
Priority: critical | Milestone: Tor: 0.2.1.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by rransom):
Replying to [comment:26 nickm]:
> Replying to [comment:23 rransom]:
> > Replying to [comment:22 nickm]:
> > > For logging version numbers, prefer OPENSSL_VERSION_TEXT
> >
> > OK.
> >
> > > and SSLeay_version(SSLEAY_VERSION), I think.
> >
> > No.
{{{
char *SSLeay_version(t)
int t;
{
if (t == SSLEAY_VERSION)
return("SSLeay 0.9.1a 06-Jul-1998");
}}}
> >
> > That is impressively bogus.
> Weird; what openssl version are you looking at? Mine have
{{{
crypto/cversion.c: if (t == SSLEAY_VERSION)
crypto/cversion.c- return OPENSSL_VERSION_TEXT;
}}}
http://repo.or.cz/w/mirror-
openssl.git/blob/OpenSSL_1_0_0-stable:/crypto/cversion.c
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4822#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs