Yes I am seeing this as well.<br> I recently did the same thing on my home relay with the same end results as you.<br>I did not attempt to install ssl port though and am still trying to make it use the base ssl.<br>I de-installed the port and re-installed but saw the same errors you see still.<br>
running FreeBSD 7.2-RELEASE-p5 #0: Thu Dec 3 22:36:36 EST 2009 (amd64) OpenSSL 0.9.8e 23 Feb 2007 with libevent 1.4.12 (if the version is relevant or not..)<br>Sounds like you are about two steps ahead of me though in tracking down the issue.<br>
<br>Likewise I'm glad I ran it here before I did it on the exit node..<br><br><br><br><br><br><div class="gmail_quote">On Sat, Dec 5, 2009 at 9:54 AM, Hans Schnehl <span dir="ltr"><<a href="mailto:torvallenator@gmail.com">torvallenator@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi,<br>
<br>
<br>
Due to several security advisories ther have been a few patches advised to<br>
be applied on FreeBSD systems.<br>
These are<br>
FreeBSD-SA-09:15.ssl ,<br>
FreeBSD-SA-09:16.rtld,<br>
FreeBSD-SA-09:17.freebsd-update<br>
FreeBSD-SA-09:15.ssl [REVISED]<br>
<br>
FreeBSD-SA-09:15.ssl is to be found at<br>
<a href="http://lists.freebsd.org/pipermail/freebsd-security-notifications/2009-December/000136.html" target="_blank">http://lists.freebsd.org/pipermail/freebsd-security-notifications/2009-December/000136.html</a><br>
and notes:<br>
<br>
[snip]]<br>
NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate<br>
SSL / TLS session parameters. As a result, connections in which the other<br>
party attempts to renegotiate session parameters will break. In practice,<br>
however, session renegotiation is a rarely-used feature, so disabling this<br>
functionality is unlikely to cause problems for most systems.<br>
[snip]<br>
<br>
Well, so shall it be.<br>
I rebuild world to 7.2-STABLE #0 r200100: Fri Dec 4 16:29, but one may just<br>
as well apply patches, see above.<br>
After that Tor, runnig perfectly before the update, fails to build connections.<br>
There are plenties of info level messages about failed TLS renegotiation, which<br>
is just about what the above messages says (surprise!)<br>
<br>
Tor is:<br>
Tor version 0.2.2.6-alpha (git-1ee580407ccb9130), which is the default<br>
tor-devel version available from the fbsd ports ,<br>
the box is running 7.2-STABLE on i386.<br>
<br>
Tor itself and libevent have been rebuild after the build.<br>
<br>
The default Openssl version coming with the 7,2 basesystem is OpenSSL 0.9.8e,<br>
now patched Tor fails to bootstrap ( messages like '...stuck at<br>
85%').<br>
<br>
I made Tor use the ports version, openssl-0.9.8l, and with that<br>
Tor after all is able to build circuits, but only after a unusual<br>
long time and complaining.<br>
Tor though still fails to accept the StrictEntryNodes option, it can't connect to<br>
the nodes listed under EntryNodes and therefore no circuits are build with<br>
this option set. (The nodes are up, but handled as being down)<br>
<br>
THis happened on a box running Tor as a client. Don't really want that<br>
to happen on a busy relay.<br>
<br>
Anyone else seeing this?<br>
Solutions apart from using openssl-0.9.8l ?<br>
What did I possibly miss ?<br>
<br>
Regards<br>
<font color="#888888">Hans<br>
<br>
</font></blockquote></div><br>