[tor-bugs] #11441 [Tor Sysadmin Team]: OpenSSL bug CVE-2014-0160 fixes

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 17 17:52:33 UTC 2014


#11441: OpenSSL bug CVE-2014-0160 fixes
--------------------------------+------------------------------------------
     Reporter:  phobos          |      Owner:
         Type:  defect          |     Status:  new
     Priority:  normal          |  Milestone:
    Component:  Tor Sysadmin    |    Version:
  Team                          |   Keywords:  openssl bad bad bad hearbeat
   Resolution:                  |  Parent ID:
Actual Points:                  |
       Points:                  |
--------------------------------+------------------------------------------

Comment (by mttp):

 The certificate I see for *.torproject.org is:

 Issued Certificate
 Version:        3
 Serial Number:  09 48 B1 A9 3B 25 1D 0D B1 05 10 59 E2 C2 68 0A
 Not Valid Before:       2013-10-22
 Not Valid After:        2016-05-03
 Certificate Fingerprints
 SHA1:   84 24 56 56 8E D7 90 43 47 AA 89 AB 77 7D A4 94 3B A1 A7 D5
 MD5:    A4 16 66 80 AE B9 A4 EC AA 88 01 1B 6F B9 EB CB


 For blog.torproject.org, I see:

 Issued Certificate
 Version:        3
 Serial Number:  05 CA 2A A9 A5 D6 ED 44 C7 2D 88 1A 18 B0 E7 DC
 Not Valid Before:       2014-04-09
 Not Valid After:        2017-06-14
 Certificate Fingerprints
 SHA1:   DE 20 3D 46 FD C3 68 EB BA 40 56 39 F5 FA FD F5 4E 3A 1F 83
 MD5:    8A 8A A2 5E D9 7F 84 4C 8F 00 3B 43 E0 2D E6 4D

 Can someone please confirm this is correct before I update
 https://www.torproject.org/docs/faq#SSLcertfingerprint

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11441#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list