Closed dwtj closed 9 years ago
We're currently doing the standard (pre-endpoints) Twisted way of connecting via TLS. Can you clarify what you mean by "secure" here?
I can think of a few reasons that it's not secure, but I'm not sure these are what you're referring to (I'm guessing not):
It's not clear to me whether or not we have to use SSLv23_METHOD
as our method, but if we don't we definitely should upgrade this. I'll play around with it and see if we can pop this up to TLSv1_METHOD
.
Are there any other definitions of secure you were considering here?
Closed in 6601cdc7e3.
We're now doing much better error handling and cleanup, properly checking certificates as specified in tor-spec, and tearing things down when appropriate.
We should maybe be using Twisted endpoints, if possible, but that's not relevant to this issue.
Is the way in which we are opening the transport secure?