[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: onion_skin_client_handshake failed.



On Sat, Sep 26, 2009 at 06:16:59PM -0400, Wyllys Ingersoll wrote:
> Im trying to run a tor relay (v2.1.19) and am seeing the following errors repeatedly:
> 
> Sep 26 18:16:03 spyglass Tor[851]: [ID 702911 daemon.warning] onion_skin_client_handshake failed.
> Sep 26 18:16:03 spyglass Tor[851]: [ID 702911 daemon.warning] circuit_finish_handshake failed.
> Sep 26 18:16:03 spyglass Tor[851]: [ID 702911 daemon.warning] Digest DOES NOT MATCH on onion handshake. Bug or attack.
> 
> I'm not sure how to fix this - any suggestions?

How odd. What's happening is your Tor is trying to extend a circuit
(this is a client-side circuit, that is, a circuit that your Tor could
use for its own connections), and you send your half of the handshake,
and get back the other half of the handshake. Then you compute what you
think the session key should be (based on both halves of the handshake),
and compare that to what the fellow on the other end thought the session
key should be. They don't match.

Has anybody else been seeing these?

If not, my guess is there's something weird with your hardware or
your openssl libs. You don't happen to be using some sort of crypto
accelerator, do you? :) If so, try turning it off and see if the problems
go away.

--Roger

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/