[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Latest openssl update breaks Tor

To: or-talk@xxxxxxxxxxxxx
Subject: Latest openssl update breaks Tor
From: Sebastian Hahn <mail@xxxxxxxxxxxxxxxxx>
Date: Sat, 20 Nov 2010 19:52:56 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 20 Nov 2010 13:53:06 -0500
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Hey *,

the most recent openssl security update [0] breaks Tor. According to

our analysis so far, Tor isn't affected by the actual security issue,but

the patch as applied in openssl versions 1.0.0b and 0.9.8p causes
Tor to fail its handshake as a relay.

If you run a relay and have already upgraded your libssl, please
don't restart your relay unless you have to because it will otherwise
stop working. If you haven't upgraded, please verify whether any
other applications are affected and if not consider delaying the
upgrade.

So far I haven't been able to find a way to work around this issue
from inside Tor, but hopefully a fix can be developed soon.

Thanks for running relays!

Sebastian

[0]: https://blog.torproject.org/blog/new-openssl-vulnerability-tor-not-affected
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Prev by Author: Re: U.S. begins censoring Internet at U.K.'s request
Next by Author: Re: RefuseUnknownExits in v0.2.2.17
Previous by thread: Re: Problem with 'tor 0.2.2.18-alpha-1~lucid+1' and/or 'openssl 0.9.8k-7ubuntu8.4' [resolved]
Next by thread: RefuseUnknownExits in v0.2.2.17
Index(es):
- Author
- Thread