Releasing 1.1pre17.

diff --git a/NEWS b/NEWS
index 1ccf4ce207932d39aa57536dfbb24bad737a347b..a458dd9806c2a8a53057cf82071e423c67b34e59 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,16 @@
+# Version 1.1pre17             October 8 2018
+
+* Prevent oracle attacks in the legacy protocol (CVE-2018-16737,
+  CVE-2018-16738).
+* Prevent a MITM from forcing a NULL cipher for UDP in the legacy protocol
+  (CVE-2018-16758).
+* AutoConnect is now enabled by default.
+* Per-node network traffic statistics are now shown in the output of "info" and
+  "dump nodes" commands.
+
+Thanks to volth and Rafael Sadowski for their contributions to this version of
+tinc.
+

 # Version 1.1pre16             June 12 2018
 
 * Fixed building with support for UML sockets.
 # Version 1.1pre16             June 12 2018
 
 * Fixed building with support for UML sockets.

diff --git a/README b/README
index db6a80e07ff41e852733457b4d3019cf71ea0156..873e2dd28d174c2e6aa5a392353fe6ed1446e016 100644 (file)
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-This is the README file for tinc version 1.1pre16. Installation
+This is the README file for tinc version 1.1pre17. Installation

 instructions may be found in the INSTALL file.
 
 tinc is Copyright © 1998-2018 Ivo Timmermans, Guus Sliepen <guus@tinc-vpn.org>, and others.
 instructions may be found in the INSTALL file.
 
 tinc is Copyright © 1998-2018 Ivo Timmermans, Guus Sliepen <guus@tinc-vpn.org>, and others.


@@ -28,11 +28,25 @@ Security statement
 This version uses an experimental and unfinished cryptographic protocol. Use it
 at your own risk.
 
 This version uses an experimental and unfinished cryptographic protocol. Use it
 at your own risk.
 

+When connecting to nodes that use the legacy protocol used in tinc 1.0, be
+aware that any security issues in tinc 1.0 will apply to tinc 1.1 as well. On
+September 6th, 2018, Michael Yonly contacted us and provided proof-of-concept
+code that allowed a remote attacker to create an authenticated, one-way
+connection with a node using the legacy protocol, and also that there was a
+possibility for a man-in-the-middle to force UDP packets from a node to be sent
+in plaintext. The first issue was trivial to exploit on tinc versions prior to
+1.0.30, but the changes in 1.0.30 to mitigate the Sweet32 attack made this
+weakness much harder to exploit. These issues have been fixed in tinc 1.0.35
+and tinc 1.1pre17. The new protocol in the tinc 1.1 branch is not susceptible
+to these issues. However, be aware that SPTPS is only used between nodes
+running tinc 1.1pre* or later, and in a VPN with nodes running different
+versions, the security might only be as good as that of the oldest version.
+

 
 Compatibility
 -------------
 
 
 Compatibility
 -------------
 

-Version 1.1pre16 is compatible with 1.0pre8, 1.0 and later, but not with older
+Version 1.1pre17 is compatible with 1.0pre8, 1.0 and later, but not with older

 versions of tinc.
 
 When the ExperimentalProtocol option is used, tinc is still compatible with
 versions of tinc.
 
 When the ExperimentalProtocol option is used, tinc is still compatible with


@@ -82,7 +96,7 @@ Ethernet network switch or hub.
 
 Normally, when started tinc will detach and run in the background. In a native
 Windows environment this means tinc will install itself as a service, which will
 
 Normally, when started tinc will detach and run in the background. In a native
 Windows environment this means tinc will install itself as a service, which will

-restart after reboots.  To prevent tinc from detaching or running as a service,
+restart after reboots. To prevent tinc from detaching or running as a service,

 use the -D option.
 
 The status of the VPN can be queried using the "tinc" command, which connects
 use the -D option.
 
 The status of the VPN can be queried using the "tinc" command, which connects

diff --git a/doc/tinc.texi b/doc/tinc.texi
index 03f47177c534d70ffaba4e8eee671ee55afd9831..c7021dd708b7a764b58137719660d3ffcc631f4b 100644 (file)
--- a/doc/tinc.texi
+++ b/doc/tinc.texi
@@ -3375,8 +3375,22 @@ that tinc's default length of 4 bytes for the MAC is too short, and he doesn't
 like tinc's use of RSA during authentication. We do not know of a security hole
 in the legacy protocol of tinc, but it is not as strong as TLS or IPsec.
 
 like tinc's use of RSA during authentication. We do not know of a security hole
 in the legacy protocol of tinc, but it is not as strong as TLS or IPsec.
 

-This version of tinc comes with an improved protocol, called Simple Peer-to-Peer Security,
-which aims to be as strong as TLS with one of the strongest cipher suites.
+The Sweet32 attack affects versions of tinc prior to 1.0.30.
+
+On September 6th, 2018, Michael Yonly contacted us and provided
+proof-of-concept code that allowed a remote attacker to create an
+authenticated, one-way connection with a node, and also that there was a
+possibility for a man-in-the-middle to force UDP packets from a node to be sent
+in plaintext. The first issue was trivial to exploit on tinc versions prior to
+1.0.30, but the changes in 1.0.30 to mitigate the Sweet32 attack made this
+weakness much harder to exploit. These issues have been fixed in tinc 1.0.35.
+
+This version of tinc comes with an improved protocol, called Simple
+Peer-to-Peer Security (SPTPS), which aims to be as strong as TLS with one of
+the strongest cipher suites.  None of the above security issues affected SPTPS.
+However, be aware that SPTPS is only used between nodes running tinc 1.1pre* or
+later, and in a VPN with nodes running different versions, the security might
+only be as good as that of the oldest version.

 
 Cryptography is a hard thing to get right. We cannot make any
 guarantees. Time, review and feedback are the only things that can
 
 Cryptography is a hard thing to get right. We cannot make any
 guarantees. Time, review and feedback are the only things that can