Tor fails to build connections after FreeBSD security update

Scott Bennett bennett at cs.niu.edu
Sun Dec 6 10:37:51 UTC 2009 

     On Sun, 6 Dec 2009 10:38:35 +0100 Hans Schnehl <torvallenator at gmail.com>
wrote:
>On Sun, Dec 06, 2009 at 02:25:26AM -0600, Scott Bennett wrote:
>>      On Sun, 6 Dec 2009 09:12:19 +0100 Hans Schnehl <torvallenator at gmail.com>
>> > versions previous to that failed as well.
>> >
>> >----
>> >Just to add a little more confusion ;) ... 
>> >A FreeBSD 8.0-RC2 box on amd64 ships with  a more recent vesion of openssl 
>> >in the base.
>> >ico# openssl 
>> >OpenSSL> version
>> >OpenSSL 0.9.8k 25 Mar 2009
>> > I dare not to upgrade this box for obvious reasons.  
>> 
>>      If you have 8.0-RC2 currently installed on it, then why *not* upgrade to
>> 8.0-STABLE or at least to 8.0-RELEASE-p{whatever} if 8.0-RC2 is failing anyway?
>> Which version of OpenSSL is in the base for 8.0-RELEASE?  Has it already been
>> changed in 8.0-STABLE?
>> >
>> 
>
> Because Tor on the unpatched 8.0-RC2 is running well. (I know... but running) 
>If you/someone can verify 8.0-Stable or Release IS running well with a current
>Tor, I will gladly do that update.  

     Sorry, I have only the one machine running 7.2-STABLE updated to 11 Nov.
2009.  That's why I asked. :-)

>The 7.2-stable's Tor, used only as client and now in utmost updated state, 
>fails AFTER the update.. 

     Okay, I'll hold off a few days longer at least on doing the installkernel,
reboot, mergemaster -p -F, installworld, mergemaster -F, reboot sequence.
>
>BTW
>After some time Tor fails completely.
>This due to it's unability to fetch anything from any directory server,
>I believe, and after some time it just drops  connections.
>I dropped current cached-* files into the tordb, restarted Tor, which
>leads to attempts to connect to nodes, directory servers and an almost
>immediate loss of entries in cached-descriptors.new 
>...         0 Dec  6 08:40 cached-descriptors.new.
>
>done on the very updated box.
>ato# openssl version
>OpenSSL 0.9.8e 23 Feb 2007
>
>and done on the very updated box.
>ato# openssl version
>OpenSSL 0.9.8l 5 Nov 2009
>... but with another log:
>Dec 06 09:29:02.459 [info] TLS error: <syscall error while handshaking>
>(errno=54: Connection reset by peer; state=SSL23_ST_CR_SRVR_HELLO_A)
>Dec 06 09:29:02.459 [info] connection_tls_continue_handshake(): tls error
>[connection reset]. breaking connection. 
>
     Hmm.  I have 0.9.8l installed, too, but I guess I don't know which
version (i.e., base system vs. port) the build procedure for tor links in.
I'm also getting an occasional message like that, but I hadn't noticed them
until you provided the search string.  The low rate of occurrence may be
due to the relatively small portion of FreeBSD-based routers that have been
updated and rebooted out of the relatively small fraction of the router
population that is FreeBSD-based.
>
>>      Curiouser and curiouser... 8-{
>
>me too.
>
     I wonder whether the FreeBSD security team's approach to this problem
was really forced by the nature of the problem or might instead have been
handled in a better manner.  How are Micro$lop, Apple, the various LINUX
teams, etc. handling it?


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************

More information about the tor-relays mailing list