[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Your Tor relay might be affected by Debain OpenSSL flaw



On Wed, May 14, 2008 at 11:14 AM, Roger Dingledine <arma@xxxxxxx> wrote:
> On Wed, May 14, 2008 at 11:10:24AM -0500, Matt LaPlante wrote:
>>   I received a notice earlier today stating that "Your Tor relay might
>> be affected by Debain OpenSSL flaw."  I had already regenerated my
>> secret keys following the procedure given in the tor-announce notice
>> (after having updated ssl/ssh/etc).  Regardless, my node still appears
>> blacklisted.  Is this list static?  The notice unfortunately did not
>> seem to document the re-enabling procedure for corrected nodes.
>
> We blacklisted nodes by their weak keys. So if you come back with the same
> (weak) key, you'll still be blacklisted -- but that's as it should be.
>
> Perhaps you could provide more details?

I'm no Tor expert, but based on the announcement I:

apt-get update
apt-get upgrade   [ssl is now ubuntu hardy latest]
/etc/init.d/tor stop
rm /var/lib/tor/keys/secret_*
/etc/init.d/tor start

My server log then gives me:
May 14 09:01:30.488 [warn] Received http status code 404 ("Not found")
from server '...' while fetching "/tor/status/fp/...". I'll try again
soon.

Which I assume is because I'm still blocked.  Am I missing a step in
the procedure, or misinterpreting the log?

>
> --Roger
>
>