[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Fwd: Latest openssl update breaks Tor



Forwarding just in case someone's not on both lists. -Damian


---------- Forwarded message ----------
From: Sebastian Hahn <mail@xxxxxxxxxxxxxxxxx>
Date: Sat, Nov 20, 2010 at 10:52 AM
Subject: Latest openssl update breaks Tor
To: or-talk@xxxxxxxxxxxxx


Hey *,

the most recent openssl security update [0] breaks Tor. According to
our analysis so far, Tor isn't affected by the actual security issue, but
the patch as applied in openssl versions 1.0.0b and 0.9.8p causes
Tor to fail its handshake as a relay.

If you run a relay and have already upgraded your libssl, please
don't restart your relay unless you have to because it will otherwise
stop working. If you haven't upgraded, please verify whether any
other applications are affected and if not consider delaying the
upgrade.

So far I haven't been able to find a way to work around this issue
from inside Tor, but hopefully a fix can be developed soon.

Thanks for running relays!

Sebastian

[0]: https://blog.torproject.org/blog/new-openssl-vulnerability-tor-not-affected
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/