Merge remote-tracking branch 'origin/maint-0.2.3'

author: Nick Mathewson <nickm@torproject.org> 2012-10-19 01:01:26 -0400
committer: Nick Mathewson <nickm@torproject.org> 2012-10-19 01:01:26 -0400
commit: 9f1b1ef4fbc67b2d3f6e2f9b2dd4d8cd44dc49b7 (patch)
tree: 52a85a5cef51285bde84ff3aef17a4d078bafecc /changes
parent: 981f25a73ad5ff5de1147e6f9bc3cb7c55cda71b (diff)
parent: a0e9dc9f55a452d78d9d16b4a2fc7d57dafa0409 (diff)
download: tor-9f1b1ef4fbc67b2d3f6e2f9b2dd4d8cd44dc49b7.tar
tor-9f1b1ef4fbc67b2d3f6e2f9b2dd4d8cd44dc49b7.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug7139 b/changes/bug7139
new file mode 100644
index 000000000..dfb7d3283
--- /dev/null
+++ b/changes/bug7139
@@ -0,0 +1,9 @@
+  o Major bugfixes (security):
+
+    - Disable TLS session tickets.  OpenSSL's implementation were giving
+      our TLS session keys the lifetime of our TLS context objects, when
+      perfect forward secrecy would want us to discard anything that
+      could decrypt a link connection as soon as the link connection was
+      closed.  Fixes bug 7139; bugfix on all versions of Tor linked
+      against OpenSSL 1.0.0 or later. Found by "nextgens".
+
author	Nick Mathewson <nickm@torproject.org>	2012-10-19 01:01:26 -0400
committer	Nick Mathewson <nickm@torproject.org>	2012-10-19 01:01:26 -0400
commit	9f1b1ef4fbc67b2d3f6e2f9b2dd4d8cd44dc49b7 (patch)
tree	52a85a5cef51285bde84ff3aef17a4d078bafecc /changes
parent	981f25a73ad5ff5de1147e6f9bc3cb7c55cda71b (diff)
parent	a0e9dc9f55a452d78d9d16b4a2fc7d57dafa0409 (diff)
download	tor-9f1b1ef4fbc67b2d3f6e2f9b2dd4d8cd44dc49b7.tar tor-9f1b1ef4fbc67b2d3f6e2f9b2dd4d8cd44dc49b7.tar.gz