[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
From: Paul <paul@xxxxxxxxxxxxx>
Date: Sun, 2 Dec 2018 02:30:52 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 01 Dec 2018 20:40:47 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=roteserver.de; s=201802; t=1543714258; bh=5ijnDDEgWDq84BjBfeesId06iq+tr2unnw12knckcRs=; h=Subject:To:References:From:Date:In-Reply-To:From; b=SVPbPZJAcXYgqHCgxT+XfA6cXtN6Milps7cFoXtXIsoAoQXhz5d5ZFwKR+PO/e8Pk e3H5hNK2y0O/oVbTzAZMMWmfrJqGmR9VdTqvJI4+Ssinr47g543FO+Mbe0z2q2nMvX 6y+V+U/gef8EN6l0QVY2I4/Vmv5aMMPBxkG262R8m4keqx3CdUgxb39jPgXqbRDc9s 0frXlbchBRWxT7yu6AEWMDyTrCkUtf+w5l16XYqxdaPUs96DOiB0Gw8l3qyKOCxVI5 6x1O/Hn+JR+b4AKzgwA4GYrvrI7ra+eAIQy3QEziAbP9Yyc8154dsibXF7bc9W2dJq 9oZqlz5QA6Lfg==
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=roteserver.de; s=201802; t=1543714253; bh=5ijnDDEgWDq84BjBfeesId06iq+tr2unnw12knckcRs=; h=Subject:To:References:From:Date:In-Reply-To:From; b=iZCveR3Qubcdb6U2zWSkYYplXlGbf2Rsa9i3fv51j79p86t5GL9gs+iGGa+LtUeFO eY5f/Zp49L1udbENBxT7dvK2byD1ahcUx+dDg1vxGPAMX4DdIcGPRJu/MxfOsCER7R b4zQAvdYciREX+Bx2LeZEtBz6eawFNT5ICZDGODLUv4dFVBiebWFqQirnPBbnbgezR YP/vxqbqlj4Tzg36aiKzUq5vXjdCCchXoY+uKd0iPswqj06CGEpGswhat+AugtD6+w vvbIW/UcNH2YD2ZSUM/5pNtvuo+kkq7vmnc4LT7tVWKLlKmvIck0CdLP+zRjiMS41p Y12nKY+eQrgPA==
In-reply-to: <CAKDKvuzKfLRS+eNwGSFjdCWMnLZ=MBGZcZQTAqs9VV+zQKgvWg@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuzKfLRS+eNwGSFjdCWMnLZ=MBGZcZQTAqs9VV+zQKgvWg@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.3.2

I have run into this issue just now and iam curious if i can "just"
downgrade back or if there is any other way to workaround?

How does this affect my relay? Will it still be useable?

Thx

Am 28.11.2018 um 13:47 schrieb Nick Mathewson:
> Hi, folks!
>
> You should know that there is a compatibility issue between Tor and
> OpenSSL 1.1.1a, when TLS 1.3 is in use.  Only OpenSSL 1.1.1a is
> affected; other OpenSSL versions are not.  The effect here is that Tor
> relays using this version of OpenSSL will not be able to negotiate TLS
> 1.3 connections with one another.
>
> This is caused by a regression in OpenSSL 1.1.1a's implementation of
> tls13_hkdf_expand() function.  For more information, see
> https://trac.torproject.org/projects/tor/ticket/28616
>
> We're looking into possible mitigations.
>
> best wishes,
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
  - From: Nick Mathewson

Prev by Author: Re: [tor-relays] New exit relay help
Next by Author: Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
Previous by thread: Re: [tor-relays] tor irc
Next by thread: Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
Index(es):
- Author
- Thread