[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Compatibility issue with OpenSSL 1.1.1a



Hi, folks!

You should know that there is a compatibility issue between Tor and
OpenSSL 1.1.1a, when TLS 1.3 is in use.  Only OpenSSL 1.1.1a is
affected; other OpenSSL versions are not.  The effect here is that Tor
relays using this version of OpenSSL will not be able to negotiate TLS
1.3 connections with one another.

This is caused by a regression in OpenSSL 1.1.1a's implementation of
tls13_hkdf_expand() function.  For more information, see
https://trac.torproject.org/projects/tor/ticket/28616

We're looking into possible mitigations.

best wishes,
-- 
Nick
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays