-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Ah, I just saw that Sina spoke to exactly this issue in your ticket #11502. I'll continue this conversation out of list with him. Peter B:
hi all,
As I understand, there are two steps to mitigating the Heartbled bug for Tor bridges:
- Upgrade OpenSSL 2. rm -rf /var/lib/tor/keys/* and restart the
tor procses
While the bridges on Tor Cloud (and therefore Access' Global Proxy Cloud) are configured to automatically fetch updates, there is no way to complete step 2 with SSH access, correct? If so, is there any plan to deal with instances that were set up with the vulnerable version of OpenSSL, but whoever set up the instance has not or cannot regenerate the keys.
- -- Peter Bourgelais Circumvention and Network Interference Technologist Access | accessnow.org | rightscon.org PGP ID: 0x1C16F6D8 Fingerprint: EC9B 18C2 EBF4 07E0 37C6 E306 6592 DE70 1C16 F6D8 Github: https://github.com/pbourgel