Import Upstream version 1.0.35
This commit is contained in:
parent
b28bb7b29b
commit
a04a7bcd67
44 changed files with 4173 additions and 2323 deletions
43
README
43
README
|
|
@ -1,4 +1,4 @@
|
|||
This is the README file for tinc version 1.0.34. Installation
|
||||
This is the README file for tinc version 1.0.35. Installation
|
||||
instructions may be found in the INSTALL file.
|
||||
|
||||
tinc is Copyright (C) 1998-2018 by:
|
||||
|
|
@ -41,24 +41,25 @@ issues are being addressed in the tinc 1.1 branch.
|
|||
|
||||
The Sweet32 attack affects versions of tinc prior to 1.0.30.
|
||||
|
||||
On September 6th, 2018, Michael Yonly contacted us and provided
|
||||
proof-of-concept code that allowed a remote attacker to create an
|
||||
authenticated, one-way connection with a node, and also that there was a
|
||||
possibility for a man-in-the-middle to force UDP packets from a node to be sent
|
||||
in plaintext. The first issue was trivial to exploit on tinc versions prior to
|
||||
1.0.30, but the changes in 1.0.30 to mitigate the Sweet32 attack made this
|
||||
weakness much harder to exploit. These issues have been fixed in tinc 1.0.35.
|
||||
The new protocol in the tinc 1.1 branch is not susceptible to these issues.
|
||||
|
||||
Cryptography is a hard thing to get right. We cannot make any
|
||||
guarantees. Time, review and feedback are the only things that can
|
||||
prove the security of any cryptographic product. If you wish to review
|
||||
tinc or give us feedback, you are strongly encouraged to do so.
|
||||
|
||||
|
||||
Changes to configuration file format since 1.0pre5
|
||||
--------------------------------------------------
|
||||
|
||||
Some configuration variables have different names now. Most notably "TapDevice"
|
||||
should be changed into "Device", and "Device" should be changed into
|
||||
"BindToDevice".
|
||||
|
||||
|
||||
Compatibility
|
||||
-------------
|
||||
|
||||
Version 1.0.31 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
Version 1.0.35 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
versions of tinc. Note that since version 1.0.30, tinc requires all nodes in
|
||||
the VPN to be compiled with a version of LibreSSL or OpenSSL that supports the
|
||||
AES256 and SHA256 algorithms.
|
||||
|
|
@ -67,21 +68,21 @@ AES256 and SHA256 algorithms.
|
|||
Requirements
|
||||
------------
|
||||
|
||||
Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you need to
|
||||
install this library first; grab it from http://www.openssl.org/. You will
|
||||
need version 1.0.1 or later with support for AES256 and SHA256 enabled. If
|
||||
this library is not installed on you system, configure will fail. The manual
|
||||
in doc/tinc.texi contains more detailed information on how to install this
|
||||
library. Alternatively, you may also use LibreSSL.
|
||||
The OpenSSL library is used for all cryptographic functions. You can find it at
|
||||
https://www.openssl.org/. You will need version 1.0.1 or later with support for
|
||||
AES256 and SHA256 enabled. If this library is not installed on your system, the
|
||||
configure script will fail. The manual in doc/tinc.texi contains more detailed
|
||||
information on how to install this library. Alternatively, you may also use the
|
||||
LibreSSL library.
|
||||
|
||||
Since 1.0pre6, the zlib library is used for optional compression. You can
|
||||
find it at http://www.gzip.org/zlib/. Because of a possible exploit in
|
||||
The zlib library is used for optional compression. You can
|
||||
find it at https://zlib.net/. Because of a possible exploit in
|
||||
earlier versions we recommend that you download version 1.1.4 or later.
|
||||
|
||||
Since 1.0, the lzo library is also used for optional compression. You can
|
||||
find it at http://www.oberhumer.com/opensource/lzo/.
|
||||
The LZO library is also used for optional compression. You can
|
||||
find it at https://www.oberhumer.com/opensource/lzo/.
|
||||
|
||||
In order to compile tinc, you will need a GNU C compiler environment.
|
||||
In order to compile tinc, you will need a C99 compliant compiler.
|
||||
|
||||
|
||||
Features
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue