Tor 4.0 released; SSL3 disabled thanks to POODLE


The Tor Project has released Tor 4.0 with a number of security fixes to Firefox on top of the disabled SSL3 owing to recent POODLE attack.

Though the new version packs a number of fixes, the first and foremost change that users will observe is the transition to Firefox 31-ESR.

Tor 4.0 has been made more accessible to internet-censored countries including the likes of China allowing them to bypass geo-locking in order to gain full access to the internet. This has been achieved through addition of three versions of the meek pluggable transport.

“In fact, we believe that both meek-amazon and meek-azure will work in China today, without the need to obtain bridge addresses”, notes The Tor Project in a blog post.

Tor 4.0 also brings with it an in-browser updater. Users have been advised not to unzip the new Tor over the previous version as the directory structure has been completely reorganized to facilitate the in-browser updater.

“There are also a couple behavioral changes relating to NoScript since 3.6. In particular, by default it now enforces script enable/disable for all sub-elements of a page, so you only need to enable scripts once for a page to work, rather than enabling many sub-scripts”, adds The Tor Project.

You can download Tor 4.0 from here.