Tor fails to build connections after FreeBSD security update

Mike L jackoroses at gmail.com
Sat Dec 5 17:03:34 UTC 2009 

Hello
 I am currently running Tor v0.2.2.6-alpha (git-1ee580407ccb9130) and this
is the error I receive running it.

Dec  5 11:50:15 XXX Tor[1300]: TLS error: unexpected close while
renegotiating (SSL_ST_OK)
Dec  5 11:50:18 XXX Tor[1300]: Tor has successfully opened a circuit. Looks
like client functionality is working.
Dec  5 11:50:18 XXX Tor[1300]: Bootstrapped 100%: Done.
Dec  5 11:50:18 XXX Tor[1300]: Now checking whether ORPort X.X.X.X:9001 and
DirPort X.X.X.X:9030 are reachable... (this may take up to 20 minutes --
look for log messages indicating success)
Dec  5 11:50:18 XXX Tor[1300]: TLS error: unexpected close while
renegotiating (SSL_ST_OK)
it than goes on to repeat the message once a minute in the log.
sockstat does show several connections yet I wonder if they are actually
able to relay through?






On Sat, Dec 5, 2009 at 11:39 AM, Andrew Lewman <andrew at torproject.org>wrote:

> On 12/05/2009 09:54 AM, Hans Schnehl wrote:
> > [snip]]
> > NOTE WELL: This update causes OpenSSL to reject any attempt to
> renegotiate
> > SSL / TLS session parameters.  As a result, connections in which the
> other
> > party attempts to renegotiate session parameters will break.  In
> practice,
> > however, session renegotiation is a rarely-used feature, so disabling
> this
> > functionality is unlikely to cause problems for most systems.
> > [snip]
>
> Tor initiates a ssl renegotiate at the start of a circuit, the latest
> openssl breaks tor.  The fixes for this are currently in -alpha only.
> The 0.2.1.21-dev in git also contains the fix.  We're testing
> 0.2.2.6-alpha right now,
> https://blog.torproject.org/blog/tor-0226-alpha-released.  Please try
> 0.2.2.6-alpha and let us know if it works.
>
> If 0.2.2.6-alpha is shown to work well, then we'll release
> 0.2.1.21-stable soon.
>
> Thanks for running a relay!
>
> --
> Andrew Lewman
> The Tor Project
> pgp 0x31B0974B
>
> Website: https://torproject.org/
> Blog: https://blog.torproject.org/
> Identi.ca: torproject
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20091205/b9d22c34/attachment.htm>

More information about the tor-relays mailing list