[tor-talk] Help testing patch on SandyBridge/IvyBridge? Force disable use of RDRAND in OpenSSL when HardwareAccel is enabled
this is logged as trac ticket:
FreeBSD project announced RDRAND not to be used directly, with OpenSSL
you are using a Tor built against openssl-1.0.1-beta1 through openssl-1.0.1e
you have set HardwareAccel 1
you should implement one of the remedies below!
help coderman test mitigation patch:
if on Sandy Bridge, Ivy Bridge, other Intel CPU with RDRAND.
- re-build your OpenSSL with OPENSSL_NO_RDRAND defined
- re-build your Tor with DISABLE_ENGINES defined
- update to latest git openssl or cherry pick commit: "Don't use
rdrand engine as default unless explicitly requested." - Dr. Stephen
0. "FreeBSD Developer Summit: Security Working Group, /dev/random"
1. "Surreptitiously Tampering with Computer Chips"
2. "How does the NSA break SSL? ... Weak random number generators"
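
The three conditions the message lists (OpenSSL in the 1.0.1-beta1 through 1.0.1e range, a CPU with RDRAND, and `HardwareAccel 1` in torrc) can be checked on a host as follows. This is an added example, not part of the original post or of the Tor or OpenSSL code; the function names, the `-fips` banner suffix, the Linux `/proc/cpuinfo` source and the `/etc/tor/torrc` path are assumptions.

```python
import re
import subprocess

# Releases the post names: openssl-1.0.1-beta1 through openssl-1.0.1e.
# The optional "-fips" suffix is an assumption about distro banners.
AFFECTED = re.compile(r"^1\.0\.1(-beta\d+|[a-e])?(-fips)?$")

def openssl_in_range(banner):
    """True if an `openssl version` banner falls in the range from the post."""
    parts = banner.split()
    return len(parts) >= 2 and parts[0] == "OpenSSL" and bool(AFFECTED.match(parts[1]))

def cpu_has_rdrand(cpuinfo):
    """True if any 'flags' line of Linux /proc/cpuinfo text lists rdrand."""
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "rdrand" in value.split():
            return True
    return False

def hardware_accel_on(torrc):
    """True if any uncommented torrc line sets HardwareAccel 1 (conservative)."""
    for line in torrc.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0].lower() == "hardwareaccel" and words[1] == "1":
            return True
    return False

def needs_remedy(banner, cpuinfo, torrc):
    """All three conditions from the post must hold."""
    return openssl_in_range(banner) and cpu_has_rdrand(cpuinfo) and hardware_accel_on(torrc)

# Constructed sample inputs, not captured from a real host.
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu sse2 aes rdrand\n"
SAMPLE_TORRC = "SocksPort 9050\n# HardwareAccel 0\nHardwareAccel 1\n"

if __name__ == "__main__":
    print("sample:", needs_remedy("OpenSSL 1.0.1e 11 Feb 2013", SAMPLE_CPUINFO, SAMPLE_TORRC))
    # Live check. Assumptions: Linux, torrc at /etc/tor/torrc, and the
    # `openssl` binary on PATH matching the library Tor is linked against.
    banner = subprocess.run(["openssl", "version"], capture_output=True, text=True).stdout
    with open("/proc/cpuinfo") as c, open("/etc/tor/torrc") as t:
        print("this host:", needs_remedy(banner, c.read(), t.read()))
```

The banner only reflects the `openssl` binary on the path; a Tor linked against a different or patched library build has to be judged from that library's version instead.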