Opened 3 years ago

Closed 3 years ago

Last modified 20 months ago

#13426 closed defect (fixed)

Disable SSLv3 unconditionally

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: 023-backport, 024-backport, 025-backport, tor-client, 2016-bug-retrospective
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

POODLE is not going to be the last attack on SSL v3. Let's not wait to find out whether the next one affects us, and just disable SSLv3 in Tor.

Child Tickets

Change History (5)

comment:1 Changed 3 years ago by nickm

Status: newneeds_review

I made a branch "no_sslv3_023" that we can merge into 0.2.3 or later.

comment:2 Changed 3 years ago by nickm

Andrea and Yawning like the patch. Weasel says he thinks it's okay to put it in 0.2.3 and later in his opinion.

comment:3 Changed 3 years ago by nickm

Merged to 0.2.3 and later.

comment:4 Changed 3 years ago by nickm

Milestone: Tor: 0.2.6.x-finalTor: 0.2.3.x-final
Resolution: fixed
Status: needs_reviewclosed

comment:5 Changed 20 months ago by nickm

Keywords: 2016-bug-retrospective added

Mark more tickets for bug retrospective based on hand-review of changelogs from 0.2.5 onwards.

Note: See TracTickets for help on using tickets.