tor/changes
Nick Mathewson bd3db82906 New sort order for server choice of ciphersuites.
Back in 175b2678, we allowed servers to recognize clients who are
telling them the truth about their ciphersuites, and select the best
cipher from that list. This implemented the server side of proposal
198.

In bugs 11492, 11498, and 11499, cypherpunks found a bunch of mistakes
and omissions and typos in the UNRESTRICTED_SERVER_CIPHER_LIST we had.
In #11513, I found a couple more.

Rather than try to hand-edit this list, I wrote a short python script
to generate our ciphersuite preferences from the openssl headers.

The new rules are:
  * Require forward secrecy.
  * Require RSA (since our servers only configure RSA keys)
  * Require AES or 3DES. (This means, reject RC4, DES, SEED, CAMELLIA,
    and NULL.)
  * No export ciphersuites.

Then:
  * Prefer AES to 3DES.
  * If both suites have the same cipher, prefer ECDHE to DHE.
  * If both suites have the same DHE group type, prefer GCM to CBC.
  * If both suites have the same cipher mode, prefer SHA384 to SHA256
    to SHA1.
  * If both suites have the same digest, prefer AES256 to AES128.
2014-04-14 14:16:49 -04:00
6783_big_hammer Add a DisableV2DirectoryInfo_ option to 404 all v2 ns requests 2013-03-10 20:31:53 -04:00
9854 Changes file for 9854 2013-10-09 09:43:54 -04:00
10777_netunreach update changes file 2014-02-11 18:57:38 -05:00
bug1992 Check for IP address change every minute, not 15 minutes 2013-02-11 21:57:32 -05:00
bug2286 Tweak consensus method 17 based on arma's comments 2013-02-19 11:05:15 -05:00
bug5595 When downloading certificates, distinguish requesting by identity digest from requesting by ID digest, signing key pair; fixes bug 5595 2013-05-09 10:55:01 -07:00
bug5650 Avoid busy-looping on WANTREAD within connection_handle_write 2013-04-12 01:11:31 -04:00
bug6026 Treat a changed IPv6 ORPort like an IPv4 one in retry_all_listeners() 2013-03-11 17:20:43 -04:00
bug6055 Re-enable TLS 1.[12] when building with OpenSSL >= 1.0.1e 2013-09-25 14:34:24 -04:00
bug6174 Stop frobbing timestamp_dirty as our sole means to mark circuits unusable 2013-02-19 18:29:17 -05:00
bug6206 Check return values from fcntl and setsockopt 2013-03-18 14:28:38 -04:00
bug6304 Fix the warning about LearnCircuitBuildTimeout && !CircuitBuildTimeout 2013-03-13 09:17:43 -04:00
bug6572 Changes file for bug6572. 2013-03-26 20:29:41 -07:00
bug6673 Give an #error when we want threads and OpenSSL has disabled threads 2013-03-11 13:23:10 -04:00
bug6979 Fix an assert when disabling ORPort with accounting disabled. 2013-09-18 10:26:32 -04:00
bug7054 Say "KBytes" rather than "KB" in the man page 2012-10-06 01:57:13 -04:00
bug7065 Changes file for #7065 2013-03-26 22:18:32 -04:00
bug7143 Add src/or/micro-revision.i to CLEANFILES in case anybody has one 2013-02-19 17:53:38 -05:00
bug7164_diagnostic Log fname:lineno in log messages for #7164 2013-03-13 10:42:58 -04:00
bug7280 Fix some basic socket issues with tor-fw-helper-natpmp on windows 2013-03-15 12:11:38 -04:00
bug7302 Make control_event_bootstrap_problem always INFO when hibernating 2013-03-11 20:52:20 -04:00
bug7350 Don't assert when writing a cell to a CLOSING connection. 2013-03-19 16:35:40 -04:00
bug7582 On END_REASON_EXITPOLICY, mark circuit as unusable for that address. 2013-03-11 23:37:47 -04:00
bug7707_diagnostic Track TLS overhead: diagnostic for bug 7707 2013-03-11 22:06:07 -04:00
bug7768 Use option name --test-commandline in tor-fw-helper. 2013-03-19 15:09:44 -04:00
bug7799 Update the changes file for bug7799. 2013-03-29 12:17:05 -04:00
bug7801 changes file for bug7801 2013-02-08 16:46:50 -05:00
bug7816_023 Avoid leaking headers received from SSL proxy 2012-12-28 22:45:53 -05:00
bug7816_023_small Fix various small leaks on error cases 2012-12-28 22:49:32 -05:00
bug7816.024 Fix an impossible-in-normal-operation leaks in dirvote 2012-12-28 23:04:44 -05:00
bug7902 When we get an END cell before CONNECTED, don't report SOCKS success 2013-01-16 12:09:49 -05:00
bug7947 Handle TRUNCATE correctly if our next channel isn't done yet. 2013-03-18 15:55:55 -04:00
bug7950 Make a parse_config_line_from_str variant that gives error messages 2013-02-19 17:36:17 -05:00
bug7982 Copy-paste description of PathBias params from man page to or.h comment 2013-05-20 12:46:00 -07:00
bug8002 Check for CPUs more accurately when ONLN != CONF. 2013-02-19 02:34:36 -05:00
bug8014 Be explicit that we want not only nacl but nacl-with-a-fast-curve25519 2013-03-15 11:00:43 -04:00
bug8031 Check more error codes when writing microdescriptors. 2013-03-11 14:51:18 -04:00
bug8037 Reject most directory documents with an internal NUL. 2013-04-17 10:45:27 -04:00
bug8059 Fix a framing bug when reading versions from a versions cell. 2013-03-11 12:29:28 -04:00
bug8062 Increase link_proto field to 2 bytes 2013-03-11 12:34:14 -04:00
bug8065 Downgrade an assert to LD_BUG 2013-02-19 15:02:08 -05:00
bug8093.part1 Downgrade the unexpected sendme cell warnings for 0.2.4 2013-05-21 13:45:21 -04:00
bug8117 Per-SOCKSPort configuration for bug 8117 fix. 2013-03-20 16:17:06 -04:00
bug8121 Tolerate curve25519 backends where the high bit of the pk isn't ignored 2013-02-07 14:09:01 -05:00
bug8151 Include a flag-thresholds line in each vote to describe flag cutoffs 2013-02-04 13:44:05 -05:00
bug8158 Coalesce identical adjacent microdescriptor vote lines. 2013-02-08 12:09:46 -05:00
bug8161 Changes file for path use bias threshold changes. 2013-02-07 14:30:58 -05:00
bug8180 Upgrade the warn for EntryNodes without UseEntryGuards to an error 2013-03-15 12:34:29 -04:00
bug8185_diagnostic Debugging log for bug 8185 2013-03-19 17:00:40 -04:00
bug8200 Refactor resolve_my_address() so logs are more accurate / helpful 2013-02-11 13:29:56 -05:00
bug8203 Make stream events for RESOLVE lookups more consistent 2013-03-18 15:13:59 -04:00
bug8207 Make hidden service authorization work again. 2013-02-11 15:42:57 -05:00
bug8208 Check whether ei is non-NULL before altering it. 2013-02-11 16:05:03 -05:00
bug8209 Make _SC_OPEN_MAX actually get used when closing fds before exec. 2013-02-11 16:27:35 -05:00
bug8210 Fix a nigh-impossible overflow in cpuworker.c 2013-02-11 16:46:38 -05:00
bug8218 Authorities were adding downtime for every relay every restart 2013-02-14 17:02:22 -05:00
bug8231 Changes file for bug8231 (duplicate directory guards) 2013-02-14 12:12:48 -05:00
bug8235-diagnosing Changes file. 2013-04-03 09:32:21 -04:00
bug8253-fix Changes file for 8235. 2013-04-24 22:03:02 -04:00
bug8273 Prefer measured bandwidths over advertised when computing things for votes on a dirauth 2013-02-27 19:43:50 -08:00
bug8290 Remove some lingering tsocks cruft. 2013-02-27 19:39:57 -05:00
bug8377 Make sure that [::1] is recognized as a private address 2013-03-01 12:22:57 -05:00
bug8408 Let testing networks override ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 2013-03-20 13:34:57 -04:00
bug8427 Don't warn about not sending a socks reply if we get a write error 2013-03-12 17:36:09 -04:00
bug8435 Ignore advertised bandwidths if we have enough measured bandwidths available 2013-03-18 11:15:21 -07:00
bug8464 Check for 0.2.4.8, not 0.2.4.7, to determine EXTEND2 support 2013-03-18 14:23:19 -04:00
bug8475 Apply ClientDNSRejectInternalAddresses to IPv6 in RESOLVED cells 2013-03-14 11:19:08 -04:00
bug8477-easypart Make circuit_purpose_to_string handle CIRCUIT_PURPOSE_PATH_BIAS_TESTING 2013-03-14 12:06:03 -04:00
bug8587 Fix two dump bugs in "whether we can use curve25519-donna-c64" test 2013-03-25 10:07:41 -04:00
bug8596 Controller: Add CACHED keyword to ADDRMAP events (#8596 part 2/2) 2013-04-03 18:50:51 +02:00
bug8598 Add some missing case values to please clang 2013-03-27 21:04:08 -04:00
bug8599 Add a changes file for #8599 2013-03-28 09:33:24 -04:00
bug8638 test.c: Try to create a more random temporary directory for our workspace (re: Bug#8638) 2013-04-05 16:51:48 -04:00
bug8639 When launching a resolve request on behalf of an AF_UNIX control, omit the address field of the new entry connection. Fixes bug 8639. 2013-05-31 15:35:51 -07:00
bug8711 Add a boolean to flag-thresholds for "we have enough measured bandwidth" 2013-04-18 22:43:52 -04:00
bug8716 Fix memory leak when sending configuration-changed event 2013-04-17 11:34:15 -04:00
bug8719 Don't leak a waiting-for-certs consensus when accepting it. 2013-04-17 11:53:52 -04:00
bug8822 Unmap the microdescriptor cache before replacing it. 2013-06-12 12:04:33 -04:00
bug8833 Fix 8833: crash bug from using NULL node->ri in dirserv.c 2013-05-05 18:52:53 -04:00
bug8844 Don't run off the end of the array-of-freelists 2013-05-09 13:10:48 -04:00
bug8845 Fix bug 8845: check the right length of memory in aes unit tests 2013-05-08 12:59:43 -04:00
bug8846 Fix bug 8846: better log message on IP version confusion 2013-05-17 14:50:45 -04:00
bug8879 Fix socks5 handshake for username/password auth 2013-05-15 03:34:37 -04:00
bug8965 Remove various outdated documents. 2013-06-12 21:11:49 -04:00
bug9002 Limit hidden service descriptors to at most 10 guard nodes. 2013-06-16 20:24:48 -04:00
bug9017 Fix (Open?)BSD fast-connect bug with optimistic data. 2013-06-10 12:14:49 -04:00
bug9047 If we write the annotation but not the microdescriptor, rewind. 2013-06-13 12:29:01 -04:00
bug9063 Don't queue more cells as a middle relay than the spec allows to be in flight 2013-06-13 21:53:36 -07:00
bug9063_redux Implement a real OOM-killer for too-long circuit queues. 2013-06-18 10:15:16 -04:00
bug9072 Disable middle relay queue overfill detection code due to possible guard discovery attack 2013-06-15 02:16:00 -07:00
bug9093 Improved circuit queue out-of-memory handler 2013-11-07 12:15:30 -05:00
bug9122 Fix bug 9122: don't allow newdefaultoptions to be NULL 2013-06-24 12:53:37 -04:00
bug9147 Give a warning when bufferevents are enabled. 2013-06-29 03:45:40 -04:00
bug9200 Fix undefined behavior in dirvote.c 2013-07-03 12:01:37 -04:00
bug9213_doc Fix documentation of torrc search order 2014-04-01 20:56:03 -04:00
bug9254 Re-do a cast in order to make old buggy freebsd gcc happy 2013-07-16 14:48:12 -04:00
bug9288 Fix invalid-read when a managed proxy configuration fails. 2013-07-31 13:56:07 -04:00
bug9295 Fix for bug 9295: Don't crash when running --hash-password. 2013-07-18 23:15:46 -04:00
bug9309 Fix bug9309, and n_noncanonical count/continue code 2013-07-23 11:52:10 +02:00
bug9337 Avoid assertion failure on unexpected address family in DNS reply. 2013-07-26 15:33:46 +02:00
bug9354 NumDirectoryGuards now tracks NumEntryGuards by default 2013-07-30 12:05:39 -04:00
bug9366 Don't allow all ORPort values to be NoAdvertise 2013-08-05 12:14:48 -04:00
bug9393 Correct the URL in the "a relay on win95???" message 2014-03-06 09:57:42 -05:00
bug9400 Avoid a double-close on one failing case of the socketpair replacement code 2013-09-03 15:38:25 -04:00
bug9543 Add a 30-day maximum on user-supplied MaxCircuitDirtiness 2013-08-21 11:35:00 -04:00
bug9546 Make bridges send AUTH_CHALLENGE cells 2013-08-21 11:29:19 -04:00
bug9564 Replace return with continue in update_consensus_networkstatus_downloads 2013-08-22 10:00:37 -04:00
bug9596 Increase POLICY_BUF_LEN to 72 to accommodate IPv6 exit policy items. 2013-08-26 11:30:09 -04:00
bug9602 Attribute bug 9602 to a version. 2014-02-07 10:38:00 -05:00
bug9644 When freeing a cert_list_t, avoid memory leak. 2013-09-19 12:22:49 -04:00
bug9645a Fix bug 9645: don't forget an md just because we can't save it. 2013-09-03 14:25:01 -04:00
bug9671_023 use !cbt_disabled in place of LearnCBT to avoid needless circs 2013-09-04 15:54:05 -04:00
bug9700 Fix unittest compilation with --disable-curve25519 2014-03-20 13:53:32 -04:00
bug9716 Try using INT_MAX, not SOMAXCONN, to set listen() backlog. 2013-09-11 13:30:45 -04:00
bug9731 Don't apply read/write buckets to cpuworker connections 2013-09-13 13:39:18 -04:00
bug9776 Always call circuit_n_chan_done(chan, 0) from channel_closed() 2013-09-24 10:42:12 -04:00
bug9780 Switch ECDHE group default logic for bridge/relay TLS 2013-10-08 16:32:07 -04:00
bug9880 Fix a bug in our bug 9776 fix. 2013-10-02 22:20:18 -04:00
bug9904 When examining interfaces to find an address, discard non-up ones. 2013-10-08 16:46:29 -04:00
bug9927 Generate bootstrapping status messages for microdescs too 2013-10-08 11:32:02 -04:00
bug9928 Give credit to bug reporter for 9928 2013-10-08 12:06:06 -04:00
bug9946 be willing to bootstrap from all three of our directory guards 2013-10-12 10:42:27 -04:00
bug10124 missing changes file for #10124 2013-11-11 10:49:44 -05:00
bug10402 Never allow OpenSSL engines to replace the RAND_SSLeay method 2013-12-18 11:53:07 -05:00
bug10409 Avoid free()ing from an mmap on corrupted microdesc cache 2013-12-16 13:06:00 -05:00
bug10423 Avoid double-free on failure to dump_descriptor() a cached md 2013-12-17 13:12:52 -05:00
bug10456 Fix a logic error in circuit_stream_is_being_handled. 2013-12-21 10:15:09 -05:00
bug10465 Fix automapping to ipv6 2013-12-22 17:19:22 -05:00
bug10470 Clarify DirPort multiplicity 2013-12-23 19:00:46 -05:00
bug10485 Deliver circuit handshake counts as part of the heartbeat 2014-02-06 13:03:01 -05:00
bug10777_internal_024 Don't treat END_STREAM_REASON_INTERNAL as total circuit failure 2014-02-09 21:35:14 -05:00
bug10793 changelog for 10793 2014-02-06 16:09:12 -05:00
bug10835 Survive fedora's openssl in our benchmarks 2014-02-07 17:36:11 -05:00
bug10870 Excise the insertion_time_elem_t logic 2014-02-10 13:55:27 -05:00
bug10904 changes file for bug 10904 2014-02-14 23:51:14 -05:00
bug10929 add changes file for bug 10929 2014-02-17 23:06:18 +00:00
bug11437 Fix a small memory leak when resolving PTR addresses 2014-04-07 23:29:47 -04:00
bug11513 New sort order for server choice of ciphersuites. 2014-04-14 14:16:49 -04:00
cov980650 Fix a copy-and-paste issue found by coverity 2013-02-11 14:42:33 -05:00
doc-heartbeat-loglevel Document the correct loglevel for the heartbeat message 2013-08-16 21:59:41 -04:00
easy.ratelim Wrapper function for the common rate-limited-log pattern. 2012-12-26 11:07:11 -05:00
feature4994 use microdescriptors if *any* of our bridges can handle them 2013-02-02 08:04:20 -08:00
feature9574 add a changes entry for ticket 9574 2013-09-04 23:21:46 -04:00
feature9777 Discard circuit paths on which nobody supports ntor 2014-02-07 10:45:34 -05:00
fix-geoipexclude-doc Manpage: refer to ExcludeExitNodes, not the nonexistent ExcludeEntryNodes 2013-04-13 18:28:06 -04:00
geoip6-february2014 Update geoip6 to the February 2014 GeoIP database. 2014-02-13 19:04:51 +01:00
geoip-apr2013 Update to the April 2013 GeoIP database. 2013-04-08 12:18:40 +02:00
geoip-august2013 Update to the August 2013 GeoIP database. 2013-08-12 15:26:36 +02:00
geoip-feb2013 Update to the February 2013 GeoIP database. 2013-02-08 14:39:25 +01:00
geoip-february2014 Update to the February 2014 GeoIP database. 2014-02-08 12:09:37 +01:00
geoip-february2014-regcountry Fix geoip by falling back to registered countries. 2014-02-25 13:28:34 +01:00
geoip-july2013 Update to the July 2013 GeoIP database. 2013-07-08 10:21:28 +02:00
geoip-june2013 Update to the June 2013 GeoIP database. 2013-06-05 08:43:03 +02:00
geoip-mar2013 Update to the March 2013 GeoIP database. 2013-03-07 20:58:31 +01:00
geoip-may2013 Update to the May 2013 GeoIP database. 2013-05-13 15:37:43 +02:00
geoip-october2013 Update to the October 2013 GeoIP database. 2013-10-11 13:36:30 +02:00
geoip-september2013 Update to the September 2013 GeoIP database. 2013-09-10 15:00:06 +02:00
integers_donna Use torint.h in curve25519-donna*.c 2013-02-14 15:34:38 -05:00
less_charbuf_usage Initial changelog for less_charbuf 2013-04-18 11:04:57 -04:00
log-noise Changes file for 8230, 8477 and 8419. 2013-03-29 12:21:28 -04:00
no_client_timestamps_024 Avoid error by not saying which intro cell type I mean 2013-09-20 11:00:27 -04:00
signof_enum Have autoconf check whether enums are signed. 2013-02-07 16:30:32 -05:00
ticket2267 Refactor resolve_my_address() so logs are more accurate / helpful 2013-02-11 13:29:56 -05:00
ticket8240 Make the guard lifetime configurable and adjustable via the consensus 2013-03-19 16:02:19 -04:00
ticket8443 randomize SSLKeyLifetime by default 2013-03-10 23:38:18 -04:00
ticket9658 collect and log statistics about onionskins received/processed 2013-09-05 01:44:52 -04:00
ticket9866 Changes file for 9866 2013-10-08 16:06:36 -04:00
v3_intro_len Fix an uninitialized-read when parsing v3 introduction requests. 2013-08-10 17:49:51 -04:00
warn-unsigned-time_t Warn at configure time when time_t is unsigned 2013-03-11 15:33:44 -04:00