[tor-qa] 3.6-beta-2 builds are up
Wilton Gorske
wilton at riseup.net
Fri Apr 11 12:43:43 UTC 2014
Mike Perry:
> Alright, new builds are up that should fix the above issue and
> also disable the two FTE bridges that changed fingerprints:
> https://people.torproject.org/~mikeperry/builds/3.6-beta-2/
>
> Let me know if anything else explodes. I hope to announce these
> ASAP.
Testing: TorBrowser-3.6-beta-2-osx32_en-US.dmg
Platform: Mac OS X 10.9.2 (13C64)
Processor: 2.3GHz Intel Core i7
Memory: 16 GB 1600 MHz DDR3
Graphics: NVIDIA GeForce GT 750M 2048 MB
Display: 15-inch (2880 x 1800 Retina)
TBB Launches successfully: yes
Connects to the Tor network: yes
Browser toolbars and menus work, tab dragging works: yes
All extensions are present and functional: yes
- HTTPS-Everywhere 3.4.5
- NoScript 2.6.8.19
- TorButton 1.6.8.1
- TorLauncher 0.2.5.3
WebBrowsing works as expected
- HTTP, HTTPS, .onion browsing works
- HTML5 videos work on http://videojs.com/ and YouTube
- http://ip-check.info/?lang=en - ok
- https://panopticlick.eff.org/ - only one in 505,378 , 18.95 bits of
identifying information
- html5demos.com/web-socket - Not Connected / Socket Closed
SOCKS/external apps work as expected: yes (Torbirdy & Bitcoin-QT)
--------------------------------------------------------------
Also: https://www.howsmyssl.com/ :
**Your SSL client is Bad.**
Bad: Your client is using TLS 1.0, which is very old, possibly
susceptible to the BEAST attack, and doesn't have the best cipher
suites available on it. Additions like AES-GCM, and SHA256 to replace
MD5-SHA-1 are unavailable to a TLS 1.0 client as well as many more
modern cipher suites.
Good: Ephemeral keys are used in some of the cipher suites your client
supports. This means your client may be used to provide forward
secrecy if the server supports it. This greatly increases your
protection against snoopers, including global passive adversaries who
scoop up large amounts of encrypted traffic and store them until their
attacks (or their computers) improve.
Improvable: Session tickets are not supported in your client. Without
them, services will have a harder time making your client's
connections fast. Generally, clients with ephemeral key support get
this for free.
Good: Your TLS client does not attempt to compress the settings that
encrypt your connection, avoiding information leaks from the CRIME attack.
Good: Your client is not vulnerable to the BEAST attack. While it's
using TLS 1.0 in conjunction with Cipher-Block Chaining cipher suites,
it has implemented the 1/n-1 record splitting mitigation.
Bad: Your client supports cipher suites that are known to be insecure:
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: This cipher was meant to die
with SSL 3.0 and is of unknown safety.
The cipher suites your client said it supports, in the order it sent
them, are:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
More information about the tor-qa
mailing list