[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Wed, 10 Oct 2012 03:35:03 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 09 Oct 2012 23:35:12 -0400
In-reply-to: <046.4b141a164ceea4384a7539fc0365d654@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.4b141a164ceea4384a7539fc0365d654@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#7070: tor disables the SSLv3 for OpenSSL 1.0.0j
--------------------+-------------------------------------------------------
 Reporter:  kukabu  |          Owner:       
     Type:  defect  |         Status:  new  
 Priority:  normal  |      Milestone:       
Component:  Tor     |        Version:       
 Keywords:          |         Parent:  #4822
   Points:          |   Actualpoints:       
--------------------+-------------------------------------------------------

Comment(by nickm):

 Okay, this is a problem that we have with Fedora perpetually.  Within each
 Fedora release, they freeze the OpenSSL version number reported by
 SSLeay() and by OPENSSL_VERSION_NUMBER, even when they upgrade to a newer
 OpenSSL.  So even though you have "1.0.0j" according to the human-readable
 version string, it's calling itself an alpha or beta version of OpenSSL
 1.0.0, and Tor can'd tell that it's really been upgraded.

 I'm not sure what the right behavior is here, but I think our best bet
 might be to just treat this as Fedora being Fedora, and accept that we
 will sometimes mistake a Fedora openssl for an older one than it really
 is.  Other approaches -- like testing for the presence of the bug at
 runtime, or trying to parse the human-readable version string -- seem like
 they would be error-prone too, just in different ways.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7070#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #7077 [Tor]: Tor exits with 'descriptor at <address> begins with unexpected string ""'
Next by Author: Re: [tor-bugs] #7038 [Tor]: command_process_create_cell() rate_limit_log is pointless
Previous by thread: Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
Next by thread: Re: [tor-bugs] #7070 [Tor]: tor disables the SSLv3 for OpenSSL 1.0.0j
Index(es):
- Author
- Thread