[tor-qa] Tor Browser 4.5.2 is ready for testing
Wilton Gorske
wilton at riseup.net
Sun Jun 7 18:20:51 UTC 2015
Testing: TorBrowser-4.5.2-osx64_en-US.dmg
System Version: OS X 10.10.3 (14D136)
Kenel Version: Darwin 14.3.0
Processor: 2.3GHz Intel Core i7
Memory: 16 GB 1600 MHz DDR3
Graphics: Intel Iris Pro & NVIDIA GeForce GT 750M 2048 MB
Display: 15-inch (2880 x 1800 Retina)
TBB Launches successfully: yes
Connects to the Tor network: yes
Browser toolbars and menus work, tab dragging works: yes
All extensions are present and functional: yes
- HTTPS-Everywhere 5.0.5
- NoScript 2.6.9.26
- TorButton 1.9.2.6
- TorLauncher 0.2.7.4
Web browsing works as expected
- HTTP, HTTPS, .onion browsing works (https://facebookcorewwwi.onion/)
- HTML5 videos work on http://videojs.com/ and YouTube
- http://ip-check.info/?lang=en - ok
- https://panopticlick.eff.org/ - only one in 2,425 , 11.24 bits of
identifying information
- https://weakdh.org/ - Safe
SOCKS/external apps work as expected: yes (Torbirdy)
SSL client is bad according to https://www.howsmyssl.com/.
“Session tickets are not supported in your client. Without them,
services will have a harder time making your client's connections fast.
Generally, clients with ephemeral key support get this for free.”
“Your client supports cipher suites that are known to be insecure:
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: This cipher use RC4 which has
insecure biases in its output.
TLS_ECDHE_RSA_WITH_RC4_128_SHA: This cipher use RC4 which has
insecure biases in its output.
TLS_RSA_WITH_RC4_128_MD5: This cipher use RC4 which has insecure
biases in its output.
TLS_RSA_WITH_RC4_128_SHA: This cipher use RC4 which has insecure
biases in its output.”
No other noticeable misbehavior.
Georg Koppen:
> Hi,
>
> Tor Browser 4.5.2-build1 is up at for testing:
>
> https://people.torproject.org/~gk/builds/4.5.2-build1/
>
> This release provides a fix for the Logjam attack (https://weakdh.org/)
> and updates a number of Tor Browser components: Tor to version 0.2.6.8,
> Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and
> HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash
> on Linux and avoids breaking the Add-ons page if Torbutton is disabled.
>
> Here is the full change log:
>
> Tor Browser 4.5.2 -- June 12 2015
> * All Platforms
> * Update Tor to 0.2.6.8
> * Update HTTPS-Everywhere to 5.0.5
> * Update NoScript to 2.6.9.26
> * Update Torbutton to 1.9.2.6
> * Bug 15984: Disabling Torbutton breaks the Add-ons Manager
> * Bug 14429: Make sure the automatic resizing is disabled
> * Translation updates
> * Bug 16130: Defend against logjam attack
> * Bug 15984: Disabling Torbutton breaks the Add-ons Manager
> * Linux
> * Bug 16026: Fix crash in GStreamer
> * Bug 16083: Update comment in start-tor-browser
>
> Georg
>
>
>
> _______________________________________________
> tor-qa mailing list
> tor-qa at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-qa
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-qa/attachments/20150607/7d6e0870/attachment-0001.sig>
More information about the tor-qa
mailing list