I have run into this issue just now and iam curious if i can "just" downgrade back or if there is any other way to workaround?
How does this affect my relay? Will it still be useable?
Thx
Am 28.11.2018 um 13:47 schrieb Nick Mathewson:
Hi, folks!
You should know that there is a compatibility issue between Tor and OpenSSL 1.1.1a, when TLS 1.3 is in use. Only OpenSSL 1.1.1a is affected; other OpenSSL versions are not. The effect here is that Tor relays using this version of OpenSSL will not be able to negotiate TLS 1.3 connections with one another.
This is caused by a regression in OpenSSL 1.1.1a's implementation of tls13_hkdf_expand() function. For more information, see https://trac.torproject.org/projects/tor/ticket/28616
We're looking into possible mitigations.
best wishes,