On 06/20/2014 06:47 AM, Tora Tora Tora wrote:
> Regretfully, I have to shut down my two middle relays (not too big, you won't even notice it :-D), since I am unable to resolve issues with the latest OpenSSL bug.
> I was able to find upgraded packages for CentOS and Fedora that are supposed to address the CVE-2014-0224 vulnerability (the change log claims so). However, the Tripwire OSSL_CCS_InjectTest and Qualys online tests both disagree.
> If someone can suggest a resolution that works, I might be able to keep them running, otherwise I see no point in running vulnerable relays until I figure things out.
You have probably figured this out already (you just need to restart the tor daemon), but you may find the following handy (Fedora, CentOS, RHEL specific):
To find out if your openssl package has the fix:
rpm -q --changelog openssl | grep CVE-2014-0224
To check which processes are using old libraries, you can use the ps plugin for yum (install the yum-plugin-ps package to get it), which scripts the lsof trick which has already been mentioned. Usage is simple:
yum ps
Martin Bukatovic
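
The second check in the message above (finding processes that still run on the pre-upgrade OpenSSL), as an added example that is not part of the original e-mail and is not how `yum ps` is implemented. It assumes Linux and reads `/proc/<pid>/maps` directly instead of calling lsof; the function names and the sample data are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# stale_openssl_pids [proc_root]
# Prints "PID NAME LIBRARY" for every process that still maps a libssl or
# libcrypto file that has been unlinked, which is the state a running
# daemon is left in after the openssl package is upgraded underneath it.
# proc_root defaults to /proc; run as root to see other users' processes.
stale_openssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid_dir="${maps%/maps}"
        pid="${pid_dir##*/}"
        # Field 6 is the mapped path; the kernel appends "(deleted)" as the
        # last field once the backing file has been replaced or removed.
        libs=$(awk '$NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)[^/]*$" { print $6 }' \
                   "$maps" 2>/dev/null | sort -u)
        [ -n "$libs" ] || continue
        name=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
        for lib in $libs; do
            printf '%s %s %s\n' "$pid" "$name" "$lib"
        done
    done
}

# make_sample_proc: builds a constructed /proc-like tree (not real data)
# and prints its path, so the check can be tried offline.
make_sample_proc() {
    d=$(mktemp -d)
    mkdir -p "$d/1234" "$d/5678"
    echo tor > "$d/1234/comm"
    # Process started before the upgrade: its libssl mapping is unlinked.
    cat > "$d/1234/maps" <<'EOF'
7f1c2a000000-7f1c2a060000 r-xp 00000000 fd:01 131 /usr/lib64/libssl.so.1.0.1e (deleted)
7f1c2a060000-7f1c2a260000 ---p 00060000 fd:01 131 /usr/lib64/libssl.so.1.0.1e (deleted)
7f1c2b000000-7f1c2b1b0000 r-xp 00000000 fd:01 140 /usr/lib64/libc-2.17.so
EOF
    echo sshd > "$d/5678/comm"
    # Process restarted after the upgrade: libssl is mapped from the live file.
    cat > "$d/5678/maps" <<'EOF'
7f1c2a000000-7f1c2a060000 r-xp 00000000 fd:01 150 /usr/lib64/libssl.so.1.0.1e
7f1c2c000000-7f1c2c060000 r-xp 00000000 fd:01 151 /tmp/scratch (deleted)
EOF
    echo "$d"
}
```

Any process this lists needs a restart before the upgraded library takes effect; an empty result for tor after restarting it means the daemon is now running on the new package.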