[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #27344 [Core Tor/Tor]: Debian OpenSSL 1.1.1~~pre6-1 requires 2048 bit RSA keys (was: TLS error while constructing a TLS context: dh key too small (in SSL routines:ssl3_ctx_ctrl:---))
#27344: Debian OpenSSL 1.1.1~~pre6-1 requires 2048 bit RSA keys
-------------------------------------------------+-------------------------
Reporter: weasel | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| 0.3.4.x-final
Component: Core Tor/Tor | Version: Tor:
| unspecified
Severity: Normal | Resolution:
Keywords: openssl, debian, 034-must, | Actual Points:
035-must, 029-backport, 032-backport, |
033-backport, 034-backport |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):
* keywords: =>
openssl, debian, 034-must, 035-must, 029-backport, 032-backport,
033-backport, 034-backport
* version: Tor: 0.3.3.9 => Tor: unspecified
* milestone: => Tor: 0.3.4.x-final
Comment:
This appears to be a bug on Tor 0.0.9pre5, but we only backport to
supported release series.
The following Tor subsystems use RSA 1024 bit keys:
* relay and bridge legacy onion keys
* authorities and bridge authorities parsing those keys
* v2 onion services
Some helpful people on #tor-dev suggest that we set the security level at
runtime:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
We should fix this in 0.3.4, then backport to 0.2.9 and later.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27344#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs