[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: TLS Man-In-The-Middle Vulnerability
On Mon, Nov 23, 2009 at 05:21:41AM +0100, Erwin Lam wrote:
> > >> Indeed it will not. We have a fix in svn to make the 0.2.1.x and
> > >> 0.2.2.x-alpha series both work correctly with OpenSSL 0.9.8l.
> > >> With any luck, we should get releases out before too long.
>
> Well, I am running tor v 0.2.1.20, which is the most recent version,
>on openSUSE 11.2 (x86_64). This is what I see in the log:
>
> Nov 23 05:07:30.363 [warn] TLS error: unexpected close while renegotiating
Right. The 0.2.2.6-alpha release should work with the new openssl.
The 0.2.1.21 release will too, but it isn't out yet; I'm still hoping
to combine a second fix (for bug 1150) along with the openssl changes,
and that one is currently being tested.
I figure people who are always running the latest-and-greatest of whatever
libs won't have much trouble either running our development version,
or using the maint-0.2.1 git branch, until the new stable is ready.
Which distros have backported the new openssl that breaks the world?
--Roger
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/