[tor-relays] Compatibility issue with OpenSSL 1.1.1a

28 Nov 2018


      Hi, folks!
You should know that there is a compatibility issue between Tor and
OpenSSL 1.1.1a, when TLS 1.3 is in use.  Only OpenSSL 1.1.1a is
affected; other OpenSSL versions are not.  The effect here is that Tor
relays using this version of OpenSSL will not be able to negotiate TLS
1.3 connections with one another.
This is caused by a regression in OpenSSL 1.1.1a's implementation of
tls13_hkdf_expand() function.  For more information, see
https://trac.torproject.org/projects/tor/ticket/28616
We're looking into possible mitigations.
best wishes,
-- 
Nick

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

[tor-relays] Compatibility issue with OpenSSL 1.1.1a