http://bugzilla.opensuse.org/show_bug.cgi?id=902476 Bug ID: 902476 Summary: tor: disable SSL3 (POODLE) Classification: openSUSE Product: openSUSE Distribution Version: 13.2 RC 1 Hardware: All OS: openSUSE 13.1 Status: CONFIRMED Severity: Minor Priority: P5 - None Component: Security Assignee: Andreas.Stieger@gmx.de Reporter: Andreas.Stieger@gmx.de QA Contact: qa-bugs@suse.de CC: security-team@suse.de Found By: --- Blocker: --- https://gitweb.torproject.org/tor.git?a=blob_plain;hb=release-0.2.4;f=Releas... Changes in version 0.2.4.25 - 2014-10-20 Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack (even though POODLE does not affect Tor). It also works around a crash bug caused by some operating systems' response to the "POODLE" attack (which does affect Tor). o Major security fixes (also in 0.2.5.9-rc): - Disable support for SSLv3. All versions of OpenSSL in use with Tor today support TLS 1.0 or later, so we can safely turn off support for this old (and insecure) protocol. Fixes bug 13426. o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc): - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or 1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug 13471. This is a workaround for an OpenSSL bug. openSUSE:12.3:Update 0.2.4.24 openSUSE:13.1:Update 0.2.4.24 openSUSE:13.2 0.2.4.24 openSUSE:Factory 0.2.4.24 -- You are receiving this mail because: You are on the CC list for the bug.