[Tor2web-talk] tor2web 3.1.21 poodlebleed free released!
Giovanni Pellerano
giovanni.pellerano at evilaliv3.org
Tue Oct 21 00:51:56 CEST 2014
hi all!
discussing with some of you about the poodlebleed bug we decided to
stop the support for SSLv3 and i've released a new version that
disable it.
it would be nice if you all that run a tor2web node can update to the
latest version.
https://www.ssllabs.com/ssltest/analyze.html?d=antani.tor2web.org
http://poodlebleed.com/
in addition i'm starting to thinki it would be a good idea to think
about changing the tor2web.org certificate for two reasons:
- it's still the same from time the heartbleed bug
- it makes use of SHA1 signatures
(https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know)
when we will decide to do this change there would be some problem due
to the fact that our certificate is pinned in google crome :( any idea
on how to manage this?
best,
evilaliv3
More information about the Tor2web-talk
mailing list