1. 05 Jun, 2012 1 commit
  2. 04 Jun, 2012 11 commits
  3. 03 Jun, 2012 1 commit
    • Nick Mathewson's avatar
      Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 support · 841a8d55
      Nick Mathewson authored
      It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it
      decides to renegotiate, the client will send a record with version "1.0"
      rather than with the current TLS version.  This would cause the
      connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor
      handshake was in use.
      
      As a workaround, disable TLS 1.1 and TLS 1.2.  When a later version of
      OpenSSL is released, we can make this conditional on running a fixed
      version of OpenSSL.
      
      Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client
      side.  But doing it this way for now means that we not only fix TLS with
      patched clients; we also fix TLS when the server has this patch and the
      client does not.  That could be important to keep the network running
      well.
      
      Fixes bug 6033.
      841a8d55
  4. 31 May, 2012 18 commits
  5. 30 May, 2012 8 commits
  6. 29 May, 2012 1 commit