[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Your Tor relay might be affected by Debain OpenSSL flaw
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Your Tor relay might be affected by Debain OpenSSL flaw
- From: "Matt LaPlante" <cyberdog3k@xxxxxxxxx>
- Date: Wed, 14 May 2008 11:20:35 -0500
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Wed, 14 May 2008 12:20:45 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=E26QPr+HZ78OnE3e4vAkpAC1pCyAw652M5Pv6t6fiss=; b=fzkz2whk+3Bj++fmI9l/vWpLuxdvmEtGNMMjIIhTF9lsrN9oGJL6rcecH6DQoJRsUVf62Uy18C1aao3jxjB2GTvqFrd3ZbnOhazqRMOS9J+kZudXg7mDYQ9gc7JjkoXRGaOd6CHOQRe82432CUeUJDZY9MGIcot4EFxfxcPhZNY=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=pkB4PXtUGQW38m+j7/Jt/hO7SiLyRjqDrEsto2NN09iHx3IwxNYkb/mBkceUIxVK9UPvgIyjToQVHfYUJIY1Q3CZdq7SflRaNOEBPDDanm752nErnRju7S4Ri210I1Oyhxq9/TPMsFfbFYnXnbTEkT8/plkjaaNA48vmII+3EWw=
- In-reply-to: <20080514161440.GX4453@xxxxxxxxxxxxxx>
- References: <cbb8f04c0805140910p6f199e75y5c193cfa396e2d27@xxxxxxxxxxxxxx> <20080514161440.GX4453@xxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Wed, May 14, 2008 at 11:14 AM, Roger Dingledine <arma@xxxxxxx> wrote:
> On Wed, May 14, 2008 at 11:10:24AM -0500, Matt LaPlante wrote:
>> I received a notice earlier today stating that "Your Tor relay might
>> be affected by Debain OpenSSL flaw." I had already regenerated my
>> secret keys following the procedure given in the tor-announce notice
>> (after having updated ssl/ssh/etc). Regardless, my node still appears
>> blacklisted. Is this list static? The notice unfortunately did not
>> seem to document the re-enabling procedure for corrected nodes.
>
> We blacklisted nodes by their weak keys. So if you come back with the same
> (weak) key, you'll still be blacklisted -- but that's as it should be.
>
> Perhaps you could provide more details?
I'm no Tor expert, but based on the announcement I:
apt-get update
apt-get upgrade [ssl is now ubuntu hardy latest]
/etc/init.d/tor stop
rm /var/lib/tor/keys/secret_*
/etc/init.d/tor start
My server log then gives me:
May 14 09:01:30.488 [warn] Received http status code 404 ("Not found")
from server '...' while fetching "/tor/status/fp/...". I'll try again
soon.
Which I assume is because I'm still blocked. Am I missing a step in
the procedure, or misinterpreting the log?
>
> --Roger
>
>