
Fwd: Re: Still problems with TLS negotiation



Hans Schnehl wrote:

 On Sat, Jan 02, 2010 at 07:53:03PM +0100, Hans de Hartog wrote:

 Hi,

 I upgraded all my servers from FreeBSD 7.2-RELEASE-p4 to 8.0-RELEASE
 and tor stopped working because of the TLS renegotiation problem.
 So I upgraded to tor 0.2.1.21 (promised to solve that problem) but the
 problem is still there. Going back to FreeBSD 7.2 is no option so I tried
 tor 0.2.2.6-alpha.


 You need to compile the mentioned versions of Tor against openssl-0.9.8.l,
 which is the one in the FreeBSD ports tree. Neither 7-stable nor 8-stable
 ships with openssl-0.9.8.l, but the versions of Tor you are trying to run
 need that version of openssl.



 Still no go. However, the error message (TLS error: unexpected close while
 renegotiating) is now suffixed with (SSL_ST_OK) but tor isn't doing any
 useful work.
 If it helps: openssl version: 0.9.8k 25 Mar 2009 (I cannot change that,
 it's part of the base system).

 You do not need to change that, just install the ports version in
 addition.



 So, this was the end of a faithful tor-supporting system, running for
 months as an exit-router... :-(

 No, it is not! Keep going, please :) There is a thread under Tor-relays
 dealing exactly with this issue. If you want to skip the 'introduction'
 you may want to see:
 http://archives.seul.org/tor/relays/Dec-2009/msg00013.html

 which handles how to compile Tor against openssl-0.9.8.l by using the ports
 system's built-in routines.

 If you wish not to use this routine just scroll down and you will find a
 description of how to do without.



 Regards,
 Hans.

 ditto
 ***********************************************************************
 To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
 unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/


Thanks a lot! Tor is running again!

Summary (for FreeBSD 8.0-RELEASE):
 - install openssl from /usr/ports/security/openssl (which is version 0.9.8l)
 - add WITH_OPENSSL_PORT=YES to /etc/make.conf
 - rebuild and install tor from /usr/ports/security/tor (which is version 0.2.1.21)
 - /usr/local/etc/rc.d/tor restart

Regards,
Hans.
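
A check that could follow the summary above, added here as an example and not part of the original message: it confirms that the rebuilt tor resolves both libssl and libcrypto from the ports tree instead of the base system, and that the make.conf knob is present. The function names, the `/usr/local/bin/tor` path and the sample `ldd` output (sonames and addresses) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify ldd-style output on stdin by where libssl/libcrypto resolve:
# ports (/usr/local/lib), base (/usr/lib or /lib), mixed, or none.
ssl_origin() {
    awk '
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($3 ~ /^\/usr\/local\/lib\//)    ports++
            else if ($3 ~ /^\/(usr\/)?lib\//)   base++
        }
        END {
            if (ports && base) print "mixed"
            else if (ports)    print "ports"
            else if (base)     print "base"
            else               print "none"
        }'
}

# Succeed if make.conf ($1) has an uncommented WITH_OPENSSL_PORT=YES line.
has_openssl_port_knob() {
    grep -Eq '^[[:space:]]*WITH_OPENSSL_PORT[[:space:]]*\??=[[:space:]]*YES' "$1"
}

# Constructed sample ldd output; sonames and addresses are illustrative.
SAMPLE_BASE='/usr/local/bin/tor:
    libssl.so.6 => /usr/lib/libssl.so.6 (0x2817f000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x281c0000)'
SAMPLE_PORTS='/usr/local/bin/tor:
    libssl.so.5 => /usr/local/lib/libssl.so.5 (0x2817f000)
    libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x281c0000)'

# Check the real binary when present (path is an assumption), else the samples.
TOR_BIN=${TOR_BIN:-/usr/local/bin/tor}
if command -v ldd >/dev/null 2>&1 && [ -x "$TOR_BIN" ]; then
    echo "tor OpenSSL origin: $(ldd "$TOR_BIN" | ssl_origin)"
else
    echo "sample, base build:  $(printf '%s\n' "$SAMPLE_BASE" | ssl_origin)"
    echo "sample, ports build: $(printf '%s\n' "$SAMPLE_PORTS" | ssl_origin)"
fi
```

A result of `base` or `mixed` means the binary still picks up at least one OpenSSL library from the base system, so the port was not rebuilt with the knob in effect.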
