Skip to main content
Home

The Tor Project

Enter the terms you wish to search for.

Main menu

  • About Tor
  • Donate

Advisory: remote DoS when using Tor with recent OpenSSL versions built with the "no-ssl3" option

by phoul | October 20, 2014

This is a copy of the message Nick Mathewson sent to the tor-talk &

New SSLv3 attack found: Disable SSLv3 in TorBrowser

by nickm | October 14, 2014

Hi! It's a new month, so that means there's a new attack on TLS.

  • 17 comments

What the "Spoiled Onions" paper means for Tor users

by phw | January 23, 2014

Together with Stefan, I recently published the paper "Spoiled Onions: Exposing Malicious Tor Exit Relays".

  • 37 comments

Tor and the BEAST SSL attack

by nickm | September 23, 2011

Today, Juliano Rizzo and Thai Duong presented a new attack on TLS <= 1.0 at the Ekoparty security conference in Buenos Aires.

  • 36 comments

The MD5 certificate collision attack, and what it means for Tor

by nickm | December 30, 2008

Today, a team of security researchers and cryptographers gave a talk at the 25th Chaos Communication Congress (25C3), about a

  • 7 comments

Upcoming Events

April 26, 2019
Tor Meetup (Hamburg)
April 27, 2019
Flisol Bogotá
May 03, 2019 - May 04, 2019
CryptoRave (São Paulo)
June 11, 2019 - June 14, 2019
RightsCon (Tunis)
July 16, 2019 - July 20, 2019
PETS (Stockholm)
See All Upcoming Events

Recent Updates

New Release: Tor Browser 8.5a11

by boklm | April 16, 2019

Tor Browser 8.5a11 is now available from the Tor Browser Alpha download page and also from our

Ecuador: Free Ola Bini

by isabela | April 15, 2019

 

New Release: Tor 0.4.0.4-rc

by nickm | April 11, 2019

There's a new release candidate available for download. If you build Tor from source, you can download the source code for 0.4.0.4-rc from dist.torproject.org (pgp signature). Packages should be available over the coming weeks, with a new alpha Tor Browser release by early next week.

Remember, this isn't the stable release yet. You should only run this if you'd like to find and report more bugs than usual.

Tor 0.4.0.4-rc is the first release candidate in its series; it fixes several bugs from earlier versions, including some that had affected stability, and one that prevented relays from working with NSS.

Changes in version 0.4.0.4-rc - 2019-04-11

  • Major bugfixes (NSS, relay):
    • When running with NSS, disable TLS 1.2 ciphersuites that use SHA384 for their PRF. Due to an NSS bug, the TLS key exporters for these ciphersuites don't work -- which caused relays to fail to handshake with one another when these ciphersuites were enabled. Fixes bug 29241; bugfix on 0.3.5.1-alpha.
  • Minor features (bandwidth authority):
    • Make bandwidth authorities ignore relays that are reported in the bandwidth file with the flag "vote=0". This change allows us to report unmeasured relays for diagnostic reasons without including their bandwidth in the bandwidth authorities' vote. Closes ticket 29806.
    • When a directory authority is using a bandwidth file to obtain the bandwidth values that will be included in the next vote, serve this bandwidth file at /tor/status-vote/next/bandwidth. Closes ticket 21377.

 

How Bandwidth Scanners Monitor The Tor Network

by juga | April 11, 2019

The Tor network is comprised of thousands of volunteer-run relays around the world, and millions of people rely on it for privacy and freedom online everyday.

© 2019 The Tor Project

Footer

  • The Tor Project
  • RSS
  • Donate