are relays susceptible to the latest OpenSSL "freak" attack - tor-relays - lists.torproject.org

List overview All Threads
Download

are relays susceptible to the latest OpenSSL "freak" attack

Re: [tor-relays] New relay...

7 relays gone because of spammers

starlight.2015q1＠binnacle.cx

4 Mar 2015 4 Mar '15

4:26 a.m.

Cipher-downgrade CVE-2015-0204 fixed in OpenSSL 1.0.1k.

usual sensational write-up courtesy of El-Reg

http://theregister.co.uk/security

For operators who don't obsess over "non-critical" OpenSSL releases, is it time to catch up?

Reply

Show replies by date

Nick Mathewson

4 Mar 4 Mar

1:12 p.m.

New subject: are relays susceptible to the latest OpenSSL "freak" attack

On Wed, Mar 4, 2015 at 5:26 AM, starlight.2015q1@binnacle.cx wrote:

Cipher-downgrade CVE-2015-0204 fixed in OpenSSL 1.0.1k.

usual sensational write-up courtesy of El-Reg

http://theregister.co.uk/security

I believe this doesn't affect Tor relays or clients, because we have never supported export ciphers or generated export keys.

For operators who don't obsess over "non-critical" OpenSSL releases, is it time to catch up?

I would suggest that everybody should update their openssl releases as a matter of best practice, IMNSHO.

For more information, Matthew Green's writeup is quite informative: http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-fact...

Reply

3545

Age (days ago)

3545

Last active (days ago)

tor-relays@lists.torproject.org

1 comments

2 participants

tags (0)

participants (2)

Nick Mathewson
starlight.2015q1＠binnacle.cx