[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j

To: undisclosed-recipients:;
Subject: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 09 Oct 2012 07:56:01 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 09 Oct 2012 03:56:20 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#7070: tor disables the SSLv3 for OpenSSL 1.0.0j
--------------------+-------------------------------------------------------
 Reporter:  kukabu  |          Owner:       
     Type:  defect  |         Status:  new  
 Priority:  normal  |      Milestone:       
Component:  Tor     |        Version:       
 Keywords:          |         Parent:  #4822
   Points:          |   Actualpoints:       
--------------------+-------------------------------------------------------
 but OpenSSL 1.0.0j have got fix for CVE-2011-4576

 tor_tls_context_new(): Disabling SSLv3 because this OpenSSL version might
 otherwise be vulnerable to CVE-2011-4576 (compile-time version 10000003
 (OpenSSL 1.0.0j-fips 10 May 2012); runtime version 10000003 (OpenSSL 1.0
 .0j-fips 10 May 2012))

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7070>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j on Fedora (was: tor disables the SSLv3 for OpenSSL 1.0.0j)
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #7068 [TorBirdy]: continue enigmail support, just fail closed
Next by Author: Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
Previous by thread: Re: [tor-bugs] #6613 [EFF-HTTPS Everywhere]: [CHROME] Abnormal CPU usage (was: Abnormal CPU usage in Chrome HTTPS Everywhere extension)
Next by thread: Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
Index(es):
- Author
- Thread