[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Sun, 2 Dec 2018 20:09:21 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 02 Dec 2018 20:09:45 -0500
In-reply-to: <7c0a0f6f-78f3-9f9e-cd32-ce0c8518eba3@roteserver.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuzKfLRS+eNwGSFjdCWMnLZ=MBGZcZQTAqs9VV+zQKgvWg@mail.gmail.com> <7c0a0f6f-78f3-9f9e-cd32-ce0c8518eba3@roteserver.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Sat, Dec 1, 2018 at 8:40 PM Paul <paul@xxxxxxxxxxxxx> wrote:
>
> I have run into this issue just now and iam curious if i can "just"
> downgrade back or if there is any other way to workaround?
>
I think that it's okay to downgrade to 1.1.1 for Tor's purposes: the
two security vulnerabilities fixed in 1.1.1a are about DSA and ECDSA,
which Tor doesn't use.  Also, you could use 1.1.0j if you prefer
something patched.

> How does this affect my relay? Will it still be useable?

It will be usable by anybody connecting to it with TLS up to 1.2, and
by clients using TLS 1.3.  Connections between your relay and other
relays will fail if you are both upgraded to TLS 1.3.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
  - From: Paul

References:
- Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
  - From: Paul

Prev by Author: Re: [tor-relays] 300mbps FreeBSD Tor relay on HPE MicroServer Gen10 (AMD X3421)
Next by Author: Re: [tor-relays] UbuntuCore relays
Previous by thread: Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
Next by thread: Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a
Index(es):
- Author
- Thread