commit 91d199b66a70fa43e652b6e5f0816d250d6f0bdc
Author: David Fifield <da...@bamsoftware.com>
Date: Wed Oct 22 16:39:09 2014 -0700
Set TLSv1.0 as the minimum TLS version in meek-server.
As a mitigationn for POODLE. This was spotted by Jesse Victors.
---
meek-server/meek-server.go | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go
index 81a1757..669f329 100644
--- a/meek-server/meek-server.go
+++ b/meek-server/meek-server.go
@@ -248,6 +248,11 @@ func listenTLS(network string, addr *net.TCPAddr,
certFilename, keyFilename stri
return nil, err
}
+ // Additionally disable SSLv3 because of the POODLE attack.
+ //
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
+ //
https://code.google.com/p/go/source/detail?r=ad9e191a51946e43f1abac8b6a2fefbf2291eea7
+ config.MinVersion = tls.VersionTLS10
+
tlsListener := tls.NewListener(conn, config)
return tlsListener, nil
_______________________________________________
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
