[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #24978 [Core Tor/Tor]: Tor doesn't work when built with (unreleased) OpenSSL 1.1.1 built with enable-tls1_3

To: undisclosed-recipients: ;
Subject: [tor-bugs] #24978 [Core Tor/Tor]: Tor doesn't work when built with (unreleased) OpenSSL 1.1.1 built with enable-tls1_3
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 23 Jan 2018 14:01:47 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 23 Jan 2018 09:01:56 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#24978: Tor doesn't work when built with (unreleased) OpenSSL 1.1.1 built with
enable-tls1_3
-------------------------+-------------------------------------------------
     Reporter:  nickm    |      Owner:  nickm
         Type:  defect   |     Status:  assigned
     Priority:  Medium   |  Milestone:  Tor: 0.3.3.x-final
    Component:  Core     |    Version:
  Tor/Tor                |   Keywords:  029-backport 031-backport
     Severity:  Normal   |  032-backport openssl
Actual Points:           |  Parent ID:
       Points:           |   Reviewer:
      Sponsor:           |
-------------------------+-------------------------------------------------
 From https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/ :

 >If you explicitly configure your ciphersuites then care should be taken
 to ensure that you are not inadvertently excluding all TLSv1.3 compatible
 ciphersuites. If a client has TLSv1.3 enabled but no TLSv1.3 ciphersuites
 configured then it will immediately fail (even if the server does not
 support TLSv1.3) with an error message

 That's the situation we're in now.  When OpenSSL 1.1.1 releases in April,
 current Tor versions just won't work with it at all, since they have
 neither disabled TLS1.3 nor enabled any TLS1.3 ciphers.

 We have two options for fixing this: I'll implement both and we can see
 what we like.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24978>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #24978 [Core Tor/Tor]: Tor doesn't work when built with (unreleased) OpenSSL 1.1.1 built with enable-tls1_3
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #24978 [Core Tor/Tor]: Tor doesn't work when built with (unreleased) OpenSSL 1.1.1 built with enable-tls1_3
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #24392 [Core Tor/Tor]: Ignore cached bridge descriptors until we check if they are running
Next by Author: Re: [tor-bugs] #22000 [Applications/Tor Browser]: update OSX browser sandbox profile for e10s
Previous by thread: Re: [tor-bugs] #24977 [Core Tor/Tor]: Non-fatal assertion !(tor_mem_is_zero((const char*)node->hsdir_index->fetch, DIGEST256_LEN))
Next by thread: Re: [tor-bugs] #24978 [Core Tor/Tor]: Tor doesn't work when built with (unreleased) OpenSSL 1.1.1 built with enable-tls1_3
Index(es):
- Author
- Thread