[tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade

Moritz Bartl moritz at torservers.net
Tue Apr 8 04:11:01 UTC 2014


A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today, which
can be used to reveal memory to a connected client or server.

If you're using an older OpenSSL version, you're safe.

Note that this bug affects way more programs than just Tor — expect
everybody who runs an https webserver to be scrambling today. If you
need strong anonymity or privacy on the Internet, you might want to stay
away from the Internet entirely for the next few days while things settle.

Here are our first thoughts on what Tor components are affected:

    Clients: Tor Browser shouldn't be affected, since it uses libnss
rather than openssl. But Tor clients could possibly be induced to send
sensitive information like "what sites you visited in this session" to
your entry guards. If you're using TBB we'll have new bundles out
shortly; if you're using your operating system's Tor package you should
get a new OpenSSL package and then be sure to manually restart your Tor.

    Relays and bridges: Tor relays and bridges could maybe be made to
leak their medium-term onion keys (rotated once a week), or their
long-term relay identity keys. An attacker who has your relay identity
key can publish a new relay descriptor indicating that you're at a new
location (not a particularly useful attack). An attacker who has your
relay identity key, has your onion key, and can intercept traffic flows
to your IP address can impersonate your relay (but remember that Tor's
multi-hop design means that attacking just one relay in the client's
path is not very useful). In any case, best practice would be to update
your OpenSSL package, discard all the files in keys/ in your
DataDirectory, and restart your Tor to generate new keys.

    Hidden services: Tor hidden services might leak their long-term
hidden service identity keys to their guard relays. Like the last big
OpenSSL bug, this shouldn't allow an attacker to identify the location
of the hidden service, but an attacker who knows the hidden service
identity key can impersonate the hidden service. Best practice would be
to move to a new hidden-service address at your convenience.

    Directory authorities: In addition to the keys listed in the "relays
and bridges" section above, Tor directory authorities might leak their
medium-term authority signing keys. Once you've updated your OpenSSL
package, you should generate a new signing key. Long-term directory
authority identity keys are offline so should not be affected (whew).
More tricky is that clients have your relay identity key hard-coded, so
please don't rotate that yet. We'll see how this unfolds and try to
think of a good solution there.

    Tails is still tracking Debian oldstable, so it should not be
affected by this bug.

    Orbot looks vulnerable; we'll try to publish more details here soon.
    It looks like most of the webservers in the
https://www.torproject.org/ rotation need upgrades too, and maybe we'll
need to throw away our torproject SSL web cert and get a new one —
hopefully we'll deal with all that soon.

Moritz Bartl

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140408/d00aac7c/attachment.sig>

More information about the tor-relays mailing list