Re: TLS Man-In-The-Middle Vulnerability

On Mon, Nov 23, 2009 at 05:21:41AM +0100, Erwin Lam wrote:
> > >> Indeed it will not.  We have a fix in svn to make the 0.2.1.x and
> > >> 0.2.2.x-alpha series both work correctly with OpenSSL 0.9.8l. 
> > >> With any luck, we should get releases out before too long.
> Well, I am running tor v, which is the most recent version,
> on openSUSE 11.2 (x86_64). This is what I see in the log:
> Nov 23 05:07:30.363 [warn] TLS error: unexpected close while renegotiating

Right. The release should work with the new openssl.

The release will too, but it isn't out yet; I'm still hoping
to combine a second fix (for bug 1150) along with the openssl changes,
and that one is currently being tested.

I figure people who are always running the latest-and-greatest of whatever
libs won't have much trouble either running our development version,
or using the maint-0.2.1 git branch, until the new stable is ready.

Which distros have backported the new openssl that breaks the world?


