Re: [tor-bugs] #8179 [Tor]: stitched aes-ni ciphers in openssl 1.0.1d seems to break SSL Handshakes/Renegotiations

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#8179: stitched aes-ni ciphers in openssl 1.0.1d seems to break SSL
Handshakes/Renegotiations
----------------------------------------------------------+-----------------
 Reporter:  ruebezahl                                     |          Owner:                     
     Type:  defect                                        |         Status:  new                
 Priority:  critical                                      |      Milestone:  Tor: 0.2.4.x-final 
Component:  Tor                                           |        Version:  Tor: 0.2.4.10-alpha
 Keywords:  openssl tor-client backport-022 backport-023  |         Parent:                     
   Points:                                                |   Actualpoints:                     
----------------------------------------------------------+-----------------

Comment(by nickm):

 I can confirm that, for me, the attached "disable-stitched-aes.diff" patch
 makes Tor work again, by disabling those ciphersuites.

 This isn't the right fix though, since:

  * It's an openssl bug.
  * We should try to detect when stitched AES is broken and disable it
 then, and not just do it by trying to detect whether the version is 1.0.1d
 specifically.
  * It'll need a backport to 0.2.2 and 0.2.3.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8179#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs