[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Shutting down middle relays (off-topic)



On 06/20/2014 06:47 AM, Tora Tora Tora wrote:
> Regretfully, I have to shutdown my two middle relays (not too big, you
> won't even notice it :-D), since I am unable to resolve issues with the
> latest OpenSSL bug.
> 
> I was able to find upgraded packages for Centos and Fedora that are
> supposed to address CVE-2014-0224 vulnerability (the change log claims
> so). However, the Tripwire )SSL_CCS_InjectTest and Qualys onlien tests
> both disagree.
> 
> If someone can suggest a resolution that works, I might be able to keep
> them running, otherwise I see no point in running vulnerable relays
> until I figure things out.

You have probably figured this out already (you just needs to restart
the tor daemon), but you may find the following handy (Fedora, CentOS,
RHEL specific):

To find out if your openssl package has the fix:

    rpm -q --changelog openssl | grep CVE-2014-0224

To check which processes are using old libraries, you can use
ps plugin for yum (install package yum-plugin-ps to get it) which
scripts the lsof trick which has been already mentioned. Usage is
simple:

    yum ps

Martin Bukatovic

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays