[tor-relays] Recommended reject lines for relays affected by Heartbleed

Scott Bennett bennett at sdf.org
Thu Apr 17 20:58:54 UTC 2014

Andrea Shepard <andrea at torproject.org> wrote:

> On Thu, Apr 17, 2014 at 08:58:46PM +0200, Lars Kumbier wrote:
> > I'm supposedly running one of the still affected tor-relays and since my
> > relay is also a guard, I'm in the latest blocklist[1] (pre-upgrade
> > fingerprint). I did upgrade the system on April 9th to openssl
> > 1.0.1-4ubuntu5.12 - base system is an ubuntu 12.04.
> > 
> > According to the changelog[2], this should have fixed the heartbleed
> > issue and according to this scanner[3], it should be as well. I did
> > create new keys anyway, but just to be sure: Is the host[4] still
> > affected as given in the blocklist?
> > 
> > Best,
> > Lars
> > __________________________________
> > [1]
> > https://atlas.torproject.org/#details/9AB511B6894566C1CF56043CE60077D213CF1A1A
> > [2] https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12
> > [3] https://filippo.io/Heartbleed/#tor.kumbier.it
> > [4] tor running on
> A router at that IP with identity 9AB511B6894566C1CF56043CE60077D213CF1A1A
> tested positive for Heartbleed several times, most recently at
> 2014-04-17 10:19:18, before testing negative at 2014-04-17 18:51:46 (all
> times UTC).  If you rotate the key you should be fine, but that key is
> potentially exposed.
     No, I don't think that is sufficient.  Not only must the onion keypair
be replaced, but also the relay's identity keypair.  Once the authorities
have been told to reject the identity key with the fingerprint shown above,
that relay will no longer be included in the consensus, nor will its published
descriptor be distributed by them.
     The reason for rejecting the identity keys as well is that the identity
secret key may just as easily have been leaked as the onion secret key.
     So, Lars, either destroy or rename all of your existing keys for tor,
both secret and public, and then restart tor.  It will not find existing keys
during its startup phase and will therefore generate brand-new keys.  After
checking for reachability, it will publish a new descriptor.  Within a couple
of hours, the authorities will begin including the new relay in the consensus
and distributing the descriptor.  IOW, get rid of *all* the old keys, restart
tor, and tor will handle the rest for you.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:   bennett at sdf.org   *or*   bennett at freeshell.org   *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
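
The full key rotation Scott describes (retire every existing key, restart tor, let it generate fresh identity and onion keys), as an added shell example that is not part of this thread and not tor's own tooling. It assumes a Debian/Ubuntu-style DataDirectory such as /var/lib/tor containing tor's `keys/` subdirectory and `fingerprint` file, and it takes the restart command from the caller (TOR_RESTART_CMD, defaulting to `service tor restart`) because that differs between init systems. The retired fingerprint is kept so the operator can later confirm it is the one named in the authorities' reject line and that the relay no longer answers to it.

```shell
#!/bin/sh
# Added example for the tor-relays thread on Heartbleed key rotation; not
# from the original post. Assumptions: tor keeps secret keys under
# $DATADIR/keys and writes "nickname FINGERPRINT" to $DATADIR/fingerprint.
set -eu

# Move every existing key out of the DataDirectory so tor finds none at
# startup and generates a brand-new identity key and onion key(s).
# Prints the directory the old material was retired into.
# Usage: rotate_tor_keys /var/lib/tor
rotate_tor_keys() {
    datadir="$1"
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    retired="$datadir/retired-$stamp"
    mkdir -p "$retired"
    chmod 700 "$retired"
    # Keep the abandoned fingerprint: it is the identity the authorities
    # reject, and the value to compare the new one against.
    if [ -f "$datadir/fingerprint" ]; then
        mv "$datadir/fingerprint" "$retired/fingerprint"
    fi
    # The keys/ directory holds secret_id_key, secret_onion_key,
    # secret_onion_key.old and the ntor key; retire the whole directory.
    if [ -d "$datadir/keys" ]; then
        mv "$datadir/keys" "$retired/keys"
    fi
    printf '%s\n' "$retired"
}

# Restart tor with the caller-supplied command (assumed default shown).
restart_tor() {
    ${TOR_RESTART_CMD:-service tor restart}
}

# Succeed only when both fingerprint files exist and name different
# identities, i.e. the relay really left the rejected identity behind.
# Usage: fingerprint_rotated RETIRED_DIR/fingerprint DATADIR/fingerprint
fingerprint_rotated() {
    old="$1"
    new="$2"
    if [ ! -f "$old" ] || [ ! -f "$new" ]; then
        return 1
    fi
    old_fp=$(awk '{print $2}' "$old")
    new_fp=$(awk '{print $2}' "$new")
    if [ -n "$old_fp" ] && [ -n "$new_fp" ] && [ "$old_fp" != "$new_fp" ]; then
        return 0
    fi
    return 1
}
```

Run `rotate_tor_keys` and `restart_tor` as the user tor runs as, with tor stopped or about to be restarted; after tor has completed its reachability test and published the new descriptor, `fingerprint_rotated` against the retired copy confirms the relay now carries a different identity. Upgrading OpenSSL first is still required, otherwise the new keys are exposed the same way.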
