#28973: Disable TLS1.3 when openssl bug 7712 is present
-------------------------------------------------+-------------------------
 Reporter:  nickm                                |          Owner:  nickm
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  0.4.0.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.4.9
 Severity:  Normal                               |     Resolution:
 Keywords:  033-backport 034-backport            |  Actual Points:
  035-backport                                   |
Parent ID:  #28616                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by nickm):

 * status:  accepted => needs_review
 * keywords:   => 033-backport 034-backport 035-backport


Comment:

 I made branch `ticket28973_033` to test a fix here; it should also merge
 cleanly into 0.3.4, 0.3.5, and 0.4.0.

 I expect that a few warnings will still happen with this branch: it waits
 for the bug to happen once before disabling TLS 1.3, by which point other
 TLS 1.3 connections may already be in progress.

 I have tested this branch with a good OpenSSL version, but not with
 openssl 1.1.1a: I hope somebody else can do that.

 Only servers will encounter this issue.

 There is a github PR at https://github.com/torproject/tor/pull/625 .

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28973#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Reply via email to