Re: [tor-relays] Compatibility issue with OpenSSL 1.1.1a

On Sat, Dec 1, 2018 at 8:40 PM Paul paul@roteserver.de wrote:

I have run into this issue just now and iam curious if i can "just" downgrade back or if there is any other way to workaround?

I think that it's okay to downgrade to 1.1.1 for Tor's purposes: the two security vulnerabilities fixed in 1.1.1a are about DSA and ECDSA, which Tor doesn't use. Also, you could use 1.1.0j if you prefer something patched.

How does this affect my relay? Will it still be useable?

It will be usable by anybody connecting to it with TLS up to 1.2, and by clients using TLS 1.3. Connections between your relay and other relays will fail if you are both upgraded to TLS 1.3.