[tor-bugs] #33751 [Internal Services/Tor Sysadmin Team]: WKD: Error running auto-key-locate wkd in Windows 10
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 27 21:07:03 UTC 2020
#33751: WKD: Error running auto-key-locate wkd in Windows 10
-------------------------------------------------+-------------------------
Reporter: ggus | Owner: anarcat
Type: defect | Status: closed
Priority: High | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution: fixed
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):
* status: accepted => closed
* resolution: => fixed
Comment:
i reverted our ciphersuite change, please see if it fixes the problem for
you.
{{{
commit 6cc23ac7ee461cd14cad96da2344f3c797fa9df5 (HEAD -> master,
origin/master, origin/HEAD)
Author: Antoine Beaupré <anarcat at debian.org>
Date: Fri Mar 27 17:03:27 2020 -0400
Revert "Update SSL preferences and disable TLS 1 and 1.1 in apache re:
#32351"
This causes problems with GnuPG as a WKD client on windows, see #33751
This reverts commit c5278f3562d8c6e8d05a0bc0f74ef17bd397e2e7.
diff --git a/modules/apache2/templates/puppet-conf.erb
b/modules/apache2/templates/puppet-conf.erb
index 1f5583e9..4924b3a5 100644
--- a/modules/apache2/templates/puppet-conf.erb
+++ b/modules/apache2/templates/puppet-conf.erb
@@ -1,11 +1,15 @@
<IfModule mod_ssl.c>
- # this is a list that seems suitable as of 2020-03, when running buster
- # (Debian 10). It probably requires re-visiting regularly.
- # 2020-03-11
- # https://ssl-
config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1d&guideline=5.4
- SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128
-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128
-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
- SSLHonorCipherOrder off
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLHonorCipherOrder On
+
+ # this is a list that seems suitable as of 2014-10, when running
wheezy. It
+ # probably requires re-visiting regularly.
+ # 2018-07-17
+ # https://mozilla.github.io/server-side-tls/ssl-config-
generator/?server=apache-2.4.25&openssl=1.0.2l&hsts=yes&profile=intermediate
+ # https://mozilla.github.io/server-side-tls/ssl-config-
generator/?server=apache-2.4.25&openssl=1.1.0&hsts=no&profile=intermediate
+ #
+ # https://trac.torproject.org/projects/tor/ticket/32351
+ SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-
CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-
SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-
AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256
:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384
:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA
:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-
AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-
CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-
SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
<%- if has_variable?("apache2deb9") && ((@apache2deb9.kind_of?(String)
and @apache2deb9 == "true") or (@apache2deb9.kind_of?(TrueClass))) -%>
SSLUseStapling On
}}}
i made a note in #32351 so that we test on windows before the next
attempt.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33751#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list