author | George Kadianakis <desnacked@gmail.com> | 2011-11-03 22:33:50 +0100 |
---|---|---|
committer | George Kadianakis <desnacked@gmail.com> | 2011-11-03 22:33:50 +0100 |
commit | e097bffaed72af6b19f7293722021196bb94de1e (patch) | |
tree | 2984501c3303f93f2125539a60af500e43736b11 /changes/bug4312 | |
parent | e2b3527106e0747f652e2f28fa087d9874e0e2ce (diff) | |
download | tor-e097bffaed72af6b19f7293722021196bb94de1e.tar tor-e097bffaed72af6b19f7293722021196bb94de1e.tar.gz |
Fix issues pointed out by nickm.
- Rename tor_tls_got_server_hello() to tor_tls_got_client_hello().
- Replaced some aggressive asserts with LD_BUG logging.
They were the innocent "I believe I understand how these callbacks
work, and this assert proves it" type of callbacks, and not the "If
this statement is not true, computer is exploding." type of
callbacks.
- Added a changes file.
Diffstat (limited to 'changes/bug4312')
-rw-r--r-- | changes/bug4312 | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/changes/bug4312 b/changes/bug4312 new file mode 100644 index 000000000..f8647d3c7 --- /dev/null +++ b/changes/bug4312 @@ -0,0 +1,11 @@ + o Security fixes: + + - Block excess renegotiations even if they are RFC5746 compliant. + This mitigates potential SSL Denial of Service attacks that use + SSL renegotiation as a way of forcing the server to perform + unneeded computationally expensive SSL handshakes. Implements + #4312. + + - Fix a bug where tor would not notice excess renegotiation + attempts before it received the first data SSL record. Fixes + part of #4312. |