[tor-bugs] #24978 [Core Tor/Tor]: Tor doesn't work when built with (unreleased) OpenSSL 1.1.1 built with enable-tls1_3
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 23 14:01:47 UTC 2018
#24978: Tor doesn't work when built with (unreleased) OpenSSL 1.1.1 built with
enable-tls1_3
-------------------------+-------------------------------------------------
Reporter: nickm | Owner: nickm
Type: defect | Status: assigned
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core | Version:
Tor/Tor | Keywords: 029-backport 031-backport
Severity: Normal | 032-backport openssl
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------+-------------------------------------------------
From https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/ :
>If you explicitly configure your ciphersuites then care should be taken
to ensure that you are not inadvertently excluding all TLSv1.3 compatible
ciphersuites. If a client has TLSv1.3 enabled but no TLSv1.3 ciphersuites
configured then it will immediately fail (even if the server does not
support TLSv1.3) with an error message
That's the situation we're in now. When OpenSSL 1.1.1 releases in April,
current Tor versions just won't work with it at all, since they have
neither disabled TLS1.3 nor enabled any TLS1.3 ciphers.
We have two options for fixing this: I'll implement both and we can see
what we like.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24978>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list