[tor-bugs] #21152 [Core Tor/Tor]: "connections died in state handshaking (TLS) with SSL state SSLv3" sure makes it look like we're using SSLv3

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 6 09:02:50 UTC 2017


#21152: "connections died in state handshaking (TLS) with SSL state SSLv3" sure
makes it look like we're using SSLv3
------------------------------+-----------------
     Reporter:  arma          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+-----------------
 A user on #tor pointed out:
 {{{
 Jan 05 13:52:18.000 [warn]  158 connections died in state handshaking
 (TLS) with SSL state SSLv3 read server certificate B in HANDSHAKE
 }}}

 Yet the ChangeLog for Tor 0.2.5.9-rc says:
 {{{
     - Disable support for SSLv3. All versions of OpenSSL in use with Tor
       today support TLS 1.0 or later, so we can safely turn off support
       for this old (and insecure) protocol. Fixes bug 13426.
 }}}

 So, are the handshakes using SSLv3, or are they not? :)

 I assume this is just a cosmetic issue where SSL_state_string_long() lies
 to us. But who knows, maybe there is something deeper going on?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21152>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

