Tor is out

Roger Dingledine arma at
Sun Jan 30 07:00:26 UTC 2011

Tor fixes a few more less-critical security issues. The
main other change is a slight tweak to Tor's TLS handshake that makes
relays and bridges that run this new version reachable from Iran again.
We don't expect this tweak will win the arms race long-term, but it will
buy us a bit more time until we roll out a better solution.

Anybody running a relay or bridge who wants it to work for Iran should

Changes in version - 2011-01-25
  o Major bugfixes:
    - Fix a bounds-checking error that could allow an attacker to
      remotely crash a directory authority. Bugfix on
      Found by "piebeer".
    - Don't assert when changing from bridge to relay or vice versa
      via the controller. The assert happened because we didn't properly
      initialize our keys in this case. Bugfix on; fixes
      bug 2433. Reported by bastik.

  o Minor features:
    - Adjust our TLS Diffie-Hellman parameters to match those used by
      Apache's mod_ssl.
    - Provide a log message stating which geoip file we're parsing
      instead of just stating that we're parsing the geoip file.
      Implements ticket 2432.

  o Minor bugfixes:
    - Check for and reject overly long directory certificates and
      directory tokens before they have a chance to hit any assertions.
      Bugfix on / Found by "doorss".

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <>

More information about the tor-talk mailing list