Somebody always asks whether Tor is affected by each OpenSSL advisory, so I'm sending this mail in order to get a URL to send people to. :)
Here are today's advisories: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000061.html
With respect to the first ( "DH small subgroups (CVE-2016-0701)" ), Tor is not affected because we set the SSL_OP_SINGLE_DH_USE() option. We started setting this option back in Tor 0.1.1.9-alpha, back in 2005.
With respect to the second ( "SSLv2 doesn't block disabled ciphers (CVE-2015-3197)" ), Tor is not affected because we disable SSLv2 by setting SSL_OP_NO_SSLv2. We started setting this option in Tor 0.0.2pre8, back in 2003.
Of course, other applications that you use over Tor may be affected, even though Tor is not; please remember to upgrade them as patches become available.
best wishes,
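As an added example (not code from this mail or from Tor itself): a small audit of the two options named above against an OpenSSL-backed ssl.SSLContext in Python, whose OP_* constants mirror OpenSSL's SSL_OP_* flags, so the check is the same one you would do in C with SSL_CTX_get_options(). The helper names audit_options, harden, is_hardened and hardened_server_context are assumptions for this example, and the 0x01000000 / 0x00100000 values are the OpenSSL 1.0.x bit values used only to make the audit deterministic. The caveat worth encoding: OpenSSL 1.1.0 and later removed SSLv2 and always generate a fresh DH key, and such builds can define the corresponding flag constant as 0, so a naive "is the bit set" test would wrongly report the mitigation as missing; the audit reports those cases as builtin instead.

```python
"""Audit an ssl.SSLContext for the two OpenSSL options discussed in the mail.

Example code, not part of the original thread or of Tor. Python's ssl module
exposes OpenSSL's SSL_OP_* flags under the same names, so this is the same
bit test an OpenSSL application would do on SSL_CTX_get_options().
"""
import ssl

# Option name -> what it buys you (the two options named in the mail above).
REQUIRED_OPTIONS = {
    "OP_NO_SSLv2": "refuse SSLv2 entirely (CVE-2015-3197 surface)",
    "OP_SINGLE_DH_USE": "fresh DH exponent per handshake (CVE-2016-0701 mitigation)",
}


def current_flags():
    """Resolve the option names to the bit values of the linked OpenSSL.

    On OpenSSL >= 1.1.0 SSLv2 is gone and single-use DH is unconditional; such
    builds can define the flag as 0, which Python then reports as 0 as well.
    """
    return {name: int(getattr(ssl, name, 0)) for name in REQUIRED_OPTIONS}


def audit_options(options, flags=None):
    """Classify each required option as 'set', 'missing' or 'builtin'.

    'builtin' means the linked OpenSSL defines the flag as 0: the behaviour is
    always on and there is no bit to set, so it can never be 'missing'.
    `flags` lets a caller pass explicit bit values (used by the assertions
    below); by default the linked OpenSSL's values are used.
    """
    flags = flags if flags is not None else current_flags()
    report = {}
    for name in REQUIRED_OPTIONS:
        bit = flags.get(name, 0)
        if bit == 0:
            report[name] = "builtin"
        elif options & bit:
            report[name] = "set"
        else:
            report[name] = "missing"
    return report


def harden(ctx):
    """Opt in to both options, the Python equivalent of SSL_CTX_set_options()."""
    ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_SINGLE_DH_USE
    return ctx


def is_hardened(ctx):
    """True when no required option is missing on this OpenSSL build."""
    return "missing" not in audit_options(int(ctx.options)).values()


def hardened_server_context():
    """A server-side context with both options applied (hypothetical helper)."""
    return harden(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER))


if __name__ == "__main__":
    server_ctx = hardened_server_context()
    for name, status in audit_options(int(server_ctx.options)).items():
        print(f"{name:18s} {status:8s} {REQUIRED_OPTIONS[name]}")
    print("linked OpenSSL:", ssl.OPENSSL_VERSION)
```

Run it against the OpenSSL your application actually links (ssl.OPENSSL_VERSION tells you which); a status of "missing" on a 1.0.x build is the case the advisory is about, and "builtin" on a 1.1.0+ build means the library no longer gives you a way to get it wrong.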
On Thu, 28 Jan 2016 10:35:21 -0500 Nick Mathewson nickm@torproject.org wrote:
> Somebody always asks whether Tor is affected by each OpenSSL advisory, so I'm sending this mail in order to get a URL to send people to. :)
> Here are today's advisories: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000061.html
> With respect to the first ( "DH small subgroups (CVE-2016-0701)" ), Tor is not affected because we set the SSL_OP_SINGLE_DH_USE() option. We started setting this option back in Tor 0.1.1.9-alpha, back in 2005.
It's also worth noting that newer (0.2.7.x) versions of Tor should not be doing DHE except when talking to old versions of Tor, linked against old versions of OpenSSL as ECDH is both mandatory and preferred in the current stable series.
All versions of OpenSSL that predate support for ECC have been EOLed and no longer receive security fixes, so if your system is using OpenSSL 0.9.8 (or 1.0.0 for that matter though it has ECC), you are strongly encouraged to upgrade to something that is being maintained.
Regards,
> It's also worth noting that newer (0.2.7.x) versions of Tor should not be doing DHE except when talking to old versions of Tor, linked against old versions of OpenSSL as ECDH is both mandatory and preferred in the current stable series.
Is ECDH currently mandatory or did you mean ECDHE?
On Thu, 28 Jan 2016 18:05:51 +0100 Tim Kuijsten info@netsend.nl wrote:
> It's also worth noting that newer (0.2.7.x) versions of Tor should not be doing DHE except when talking to old versions of Tor, linked against old versions of OpenSSL as ECDH is both mandatory and preferred in the current stable series.
> Is ECDH currently mandatory or did you mean ECDHE?
Yes.
It uses ECDH with Ephemeral keys. Really, unless your vendor's OpenSSL library is doing something Really Silly, or is ancient, this will Do The Right Thing (TM).