[tor-bugs] #27344 [Core Tor/Tor]: Debian OpenSSL 1.1.1~~pre6-1 requires 2048 bit RSA keys (was: TLS error while constructing a TLS context: dh key too small (in SSL routines:ssl3_ctx_ctrl:---))
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 27 12:00:20 UTC 2018
#27344: Debian OpenSSL 1.1.1~~pre6-1 requires 2048 bit RSA keys
-------------------------------------------------+-------------------------
Reporter: weasel                                 | Owner: (none)
Type: defect                                     | Status: new
Priority: Medium                                 | Milestone: Tor: 0.3.4.x-final
Component: Core Tor/Tor                          | Version: Tor: unspecified
Severity: Normal                                 | Resolution:
Keywords: openssl, debian, 034-must, 035-must,   | Actual Points:
  029-backport, 032-backport, 033-backport,      |
  034-backport                                   |
Parent ID:                                       | Points:
Reviewer:                                        | Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * keywords: => openssl, debian, 034-must, 035-must, 029-backport,
   032-backport, 033-backport, 034-backport
 * version: Tor: 0.3.3.9 => Tor: unspecified
 * milestone: => Tor: 0.3.4.x-final

Comment:

 This appears to be a bug on Tor 0.0.9pre5, but we only backport to
 supported release series.

 The following Tor subsystems use RSA 1024 bit keys:
 * relay and bridge legacy onion keys
 * authorities and bridge authorities parsing those keys
 * v2 onion services

 Some helpful people on #tor-dev suggest that we set the security level at
 runtime:
 https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html

 We should fix this in 0.3.4, then backport to 0.2.9 and later.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27344#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online