[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Compatibility issue with OpenSSL 1.1.1a

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Wed, 28 Nov 2018 07:47:05 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 28 Nov 2018 07:47:31 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi, folks!

You should know that there is a compatibility issue between Tor and
OpenSSL 1.1.1a, when TLS 1.3 is in use.  Only OpenSSL 1.1.1a is
affected; other OpenSSL versions are not.  The effect here is that Tor
relays using this version of OpenSSL will not be able to negotiate TLS
1.3 connections with one another.

This is caused by a regression in OpenSSL 1.1.1a's implementation of
tls13_hkdf_expand() function.  For more information, see
https://trac.torproject.org/projects/tor/ticket/28616

We're looking into possible mitigations.

best wishes,
-- 
Nick
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: Re: [tor-relays] Running relay on vmware ? is it secure to use Tor on virtual systems ?
Next by Author: Re: [tor-relays] tor relay - impact on e-mail system reputation
Previous by thread: Re: [tor-relays] Is There A Windows CMD Command To Update Tor.exe?
Next by thread: [tor-relays] Conrad Rockenhaus
Index(es):
- Author
- Thread