Opened 3 years ago

Closed 3 years ago

Last modified 13 months ago

#13426 closed defect (fixed)

Disable SSLv3 unconditionally

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: 023-backport, 024-backport, 025-backport, tor-client, 2016-bug-retrospective
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

POODLE is not going to be the last attack on SSL v3. Let's not wait to find out whether the next one affects us, and just disable SSLv3 in Tor.

Child Tickets

Change History (5)

comment:1 Changed 3 years ago by nickm

  • Status changed from new to needs_review

I made a branch "no_sslv3_023" that we can merge into 0.2.3 or later.

comment:2 Changed 3 years ago by nickm

Andrea and Yawning like the patch. Weasel says he thinks it's okay to put it in 0.2.3 and later in his opinion.

comment:3 Changed 3 years ago by nickm

Merged to 0.2.3 and later.

comment:4 Changed 3 years ago by nickm

  • Milestone changed from Tor: 0.2.6.x-final to Tor: 0.2.3.x-final
  • Resolution set to fixed
  • Status changed from needs_review to closed

comment:5 Changed 13 months ago by nickm

  • Keywords 2016-bug-retrospective added

Mark more tickets for bug retrospective based on hand-review of changelogs from 0.2.5 onwards.

Note: See TracTickets for help on using tickets.