Startseite Erkunden Hilfe
Anmelden
piros
/
tor
3
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Quellcode durchsuchen

Change changes file and comment for 7189, for making it 0.2.4-only for now

Nick Mathewson vor 11 Jahren
Ursprung
4a7962e439
Commit
a1c121e78e
2 geänderte Dateien mit 8 neuen und 5 gelöschten Zeilen
Geteilte Ansicht Diff-Statistik anzeigen
  1. 2 3
      changes/bug7189_server_only
  2. 6 2
      src/common/tortls.c

+ 2 - 3
changes/bug7189_server_only
Datei anzeigen 

@@ -1,5 +1,4 @@
 
   o Minor bugfixes:
 
     - Only disable TLS session ticket support when running as a TLS
 
-      server.  It's important for clients to remain hard to distinguish
 
-      from regular firefox connections. Fixes bug 7189; bugfix on
 
-      Tor 0.2.3.23-rc.
 
+      server. This keeps clients harder to distinguish from regular firefox
 
+      connections. Fixes bug 7189; bugfix on Tor 0.2.3.23-rc.

+ 6 - 2
src/common/tortls.c
Datei anzeigen 

@@ -1193,8 +1193,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 
   /* Disable TLS tickets if they're supported.  We never want to use them;
 
    * using them can make our perfect forward secrecy a little worse, *and*
 
    * create an opportunity to fingerprint us (since it's unusual to use them
 
-   * with TLS sessions turned off).  Clients need to advertise support for
 
-   * them, though to avoid a TLS distinguishability vector.
 
+   * with TLS sessions turned off).
 
+   *
 
+   * In 0.2.4, clients advertise support for them, though to avoid a TLS
 
+   * distinguishability vector.  This can give us worse PFS, though, if we
 
+   * get a server that doesn't set SSL_OP_NO_TICKET.  With luck, there will
 
+   * be few such servers by the time 0.2.4 is more stable.
 
    */
 
 #ifdef SSL_OP_NO_TICKET
 
   if (! is_client) {