[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor fails to build connections after FreeBSD security update

To: tor-relays@xxxxxxxxxxxxxx
Subject: Re: Tor fails to build connections after FreeBSD security update
From: Mike L <jackoroses@xxxxxxxxx>
Date: Sat, 5 Dec 2009 12:03:34 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: tor-relays-outgoing@xxxxxxxx
Delivered-to: tor-relays@xxxxxxxx
Delivery-date: Sat, 05 Dec 2009 12:03:36 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:reply-to:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=YEgMZSBs75yjEov5wr+MjEcKC8zkUvrxUrVY/qKuPJE=; b=mGOgKJ+Vq1Q5miWBpEH6z33eG32RoxTv//nmjwR+wDgSeAzxxxzHnoKvTG9R+plukJ aIZofsvi2nNS3TXXrSbuJPMobLig+eu+arhmn5N4FqwFSzGox/xKvRv6d0OnRuhVU+FM t/sY2PjoO7ZWwXPZ/8aEX3n7SONwFzQJ6dC+8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:content-type; b=gSAPCbJmYlL/Fa0n7CW2p/4+GoroRKy+uBQE769pGcMUOf+EcJtWcUSB0iyQCoY7pu zO+etzO/1DQ3mx/pAGFxgo6LV4Kv0jIvactyAQMvm2lES4Yi69Wf+xSGwbo+ibeycw/A NOD4NrIFFxidgdUaWHAhVOcW8B7p6eb7lEVJA=
In-reply-to: <4B1A8CC5.4000602@xxxxxxxxxxxxxx>
References: <20091205145419.GA15687@tabulara> <4B1A8CC5.4000602@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxx
Sender: owner-tor-relays@xxxxxxxxxxxxxx

Hello
I am currently running Tor v0.2.2.6-alpha (git-1ee580407ccb9130) and this is the error I receive running it.

Dec 5 11:50:15 XXX Tor[1300]: TLS error: unexpected close while renegotiating (SSL_ST_OK)
Dec 5 11:50:18 XXX Tor[1300]: Tor has successfully opened a circuit. Looks like client functionality is working.
Dec 5 11:50:18 XXX Tor[1300]: Bootstrapped 100%: Done.
Dec 5 11:50:18 XXX Tor[1300]: Now checking whether ORPort X.X.X.X:9001 and DirPort X.X.X.X:9030 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Dec 5 11:50:18 XXX Tor[1300]: TLS error: unexpected close while renegotiating (SSL_ST_OK)
it than goes on to repeat the message once a minute in the log.
sockstat does show several connections yet I wonder if they are actually able to relay through?

On Sat, Dec 5, 2009 at 11:39 AM, Andrew Lewman <andrew@xxxxxxxxxxxxxx> wrote:

On 12/05/2009 09:54 AM, Hans Schnehl wrote:
> [snip]]
> NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate
> SSL / TLS session parameters. As a result, connections in which the other
> party attempts to renegotiate session parameters will break. In practice,
> however, session renegotiation is a rarely-used feature, so disabling this
> functionality is unlikely to cause problems for most systems.
> [snip]

Tor initiates a ssl renegotiate at the start of a circuit, the latest
openssl breaks tor. The fixes for this are currently in -alpha only.
The 0.2.1.21-dev in git also contains the fix. We're testing
0.2.2.6-alpha right now,
https://blog.torproject.org/blog/tor-0226-alpha-released. Please try
0.2.2.6-alpha and let us know if it works.

If 0.2.2.6-alpha is shown to work well, then we'll release
0.2.1.21-stable soon.

Thanks for running a relay!

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject

References:
- Tor fails to build connections after FreeBSD security update
  - From: Hans Schnehl
- Re: Tor fails to build connections after FreeBSD security update
  - From: Andrew Lewman

Prev by Author: Re: Tor fails to build connections after FreeBSD security update
Next by Author: Re: [SOLVED] Re: Tor fails to build connections after FreeBSD security update
Previous by thread: Re: Tor fails to build connections after FreeBSD security update
Next by thread: Re: Tor fails to build connections after FreeBSD security update
Index(es):
- Author
- Thread