summaryrefslogtreecommitdiff
path: root/test/integration/rexexpired.sec
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2016-08-06 13:53:05 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2016-08-11 01:34:39 +0200
commit8665dceb5cf2a197ae270b08066f05c8a2870223 (patch)
tree683af539fcca608f7b0a93d8b141c87e23a763df /test/integration/rexexpired.sec
parentc9c910695185b59aa27b787c1a250497e47b492b (diff)
block direct connections to .onion domains (RFC7687)
Doing a direct connect to an .onion address (if you don't happen to use it as a local domain, which you shouldn't) is bound to fail and does leak the information that you do use Tor and which hidden service you wanted to connect to to a DNS server. Worse, if the DNS is poisoned and actually resolves tricking a user into believing the setup would work correctly… This does block also the usage of wrappers like torsocks with apt, but with native support available and advertised in the error message this shouldn't really be an issue. Inspired-by: https://bugzilla.mozilla.org/show_bug.cgi?id=1228457
Diffstat (limited to 'test/integration/rexexpired.sec')
0 files changed, 0 insertions, 0 deletions