Tor fails to build connections after FreeBSD security update

Roger Dingledine arma at mit.edu
Sat Dec 5 21:15:03 UTC 2009


On Sat, Dec 05, 2009 at 07:36:13PM +0100, Hans Schnehl wrote:
> On Sat, Dec 05, 2009 at 11:39:33AM -0500, Andrew Lewman wrote:
> > Tor initiates an SSL renegotiation at the start of a circuit, the latest
> > openssl breaks tor.  The fixes for this are currently in -alpha only.
> > The 0.2.1.21-dev in git also contains the fix.  We're testing
> > 0.2.2.6-alpha right now,
> > https://blog.torproject.org/blog/tor-0226-alpha-released.  Please try
> > 0.2.2.6-alpha and let us know if it works.
> 
> Tor version 0.2.2.6-alpha (git-1ee580407ccb9130) was where this started. 
> That's the current from the official download page now and the one in
> the FreeBSD ports.
> Tried Tor version 0.2.2.6-alpha-dev (git-4afdb79051f7b1ca) from a minute
> ago or so, fails with OpenSSL 0.9.8e, runs "sort of" with 0.9.8.l but  
> still gives the following: 

To make things more complex, while Tor 0.2.2.6-alpha has the workaround
to handle the way that openssl 0.9.8l broke renegotiation, it looks
like openssl 0.9.8m broke renegotiation in a new way. The upcoming
0.2.2.7-alpha (or current git head) aims to handle this new way.

So I'm not sure what your openssl 0.9.8e actually is. But perhaps it's
0.9.8e with backports from 0.9.8m, in which case moving to Tor's git
head might help.

See also
https://bugs.torproject.org/flyspray/index.php?do=details&id=1158
http://archives.seul.org/or/cvs/Dec-2009/msg00081.html

> Was there a general change in handling StrictEntryNodes, as this does not
> work in either combination?

Nope. I have a branch that will clean up the entrynodes / exitnodes
behavior, but I haven't found time lately to merge it.

--Roger


