[tor-relays] Shutting down middle relays (off-topic)
Martin Bukatovič
martin.bukatovic at gmail.com
Sat Jun 21 18:00:28 UTC 2014
On 06/20/2014 06:47 AM, Tora Tora Tora wrote:
> Regretfully, I have to shutdown my two middle relays (not too big, you
> won't even notice it :-D), since I am unable to resolve issues with the
> latest OpenSSL bug.
>
> I was able to find upgraded packages for Centos and Fedora that are
> supposed to address CVE-2014-0224 vulnerability (the change log claims
> so). However, the Tripwire )SSL_CCS_InjectTest and Qualys onlien tests
> both disagree.
>
> If someone can suggest a resolution that works, I might be able to keep
> them running, otherwise I see no point in running vulnerable relays
> until I figure things out.
You have probably figured this out already (you just needs to restart
the tor daemon), but you may find the following handy (Fedora, CentOS,
RHEL specific):
To find out if your openssl package has the fix:
rpm -q --changelog openssl | grep CVE-2014-0224
To check which processes are using old libraries, you can use
ps plugin for yum (install package yum-plugin-ps to get it) which
scripts the lsof trick which has been already mentioned. Usage is
simple:
yum ps
Martin Bukatovic
More information about the tor-relays
mailing list