o Privacy/anonymity fixes (clients):
- Clients and bridges no longer send TLS certificate chains on
- outgoing OR connections. Previously, each client or bridge
- would use the same cert chain for all outgoing OR connections
- for up to 24 hours, which allowed any relay that the client or
- bridge contacted to determine which entry guards it is using.
+ outgoing OR connections. Previously, each client or bridge would
+ use the same cert chain for all outgoing OR connections until
+ its IP address changes, which allowed any relay that the client
+ or bridge contacted to determine which entry guards it is using.
Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
- If a relay receives a CREATE_FAST cell on a TLS connection, it
no longer considers that connection as suitable for satisfying a
o Privacy/anonymity fixes (clients):
- Clients and bridges no longer send TLS certificate chains on
- outgoing OR connections. Previously, each client or bridge
- would use the same cert chain for all outgoing OR connections
- for up to 24 hours, which allowed any relay that the client or
- bridge contacted to determine which entry guards it is using.
+ outgoing OR connections. Previously, each client or bridge would
+ use the same cert chain for all outgoing OR connections until
+ its IP address changes, which allowed any relay that the client
+ or bridge contacted to determine which entry guards it is using.
Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
- If a relay receives a CREATE_FAST cell on a TLS connection, it
no longer considers that connection as suitable for satisfying a
projects / thirdparty / tor.git / commitdiff
