[tor-relays] Advisory: remote DoS when using Tor with recent OpenSSL versions built with the "no-ssl3" option.
nickm at freehaven.net
Tue Oct 21 02:43:04 UTC 2014
Hello, relay operators!
There's one important bugfix in the 0.2.5.9-rc release that relay
operators should know about. If you have a version of OpenSSL that
came out last week (like 1.0.1j, 1.0.0, ) and if your version of
openssl is built with the "no-ssl3" flag, then it's possible to crash
your Tor relay remotely if you don't upgrade to 0.2.5.9-rc or to
0.2.4.25 (when that's out).
This appears to be an OpenSSL bug. The Tor releases in question
contain a workaround for it.
To tell if your version of openssl was built with 'no-ssl3': run
"openssl s_client -ssl3 -connect www.torproject.org:443". If it gives
you an output beginning with something like:
alert handshake failure:s3_pkt.c:1257:SSL alert number 40
then you're fine and you don't need to upgrade Tor on your relay. But if it
says something that starts like:
unknown option -ssl3
usage: s_client args
then you need to upgrade your Tor.
=== Some questions and answers:
Q: Does this affect clients?
A: No. Only relays.
Q: Does this affect me if I'm running a version of OpenSSL other than
1.0.1j, 1.0.0o, or 0.9.8zc?
A: No. Only those versions.
Q: Does this affect me if I'm running a version of OpenSSL configured
without the "no-ssl3" option?
A: No. Only versions that were built with the "no-ssl3" option are affected.
Q: Does the openssl team know?
A: Yes. Have a look at this thread.
http://marc.info/?l=openssl-dev&m=141357408522028&w=2 . Also, before
I saw that thread, I informed them the other day.
Q: Does this affect Tor packages?
A: I don't think that we shipped any packages where we used the
"no-ssl3" flag to diable ssl3. So only if you're using OpenSSL from
another source (say, your operating system) will you be affected.
Q: What can I do to remediate this problem?
A: You can upgrade to the most recent Tor, or you can use a version of
OpenSSL built without the "no-ssl3" flag. Downgrading your OpenSSL is
Q: What is the potential impact of this bug?
A: If a relay is affected by this bug, anybody can make the relay exit
remotely. It does not enable any data leaks or remote code execution.
Still, the ability to selectively disable relays might enable a
sophisticated attacker to do some kinds of traffic analysis more
efficiently. So, fix your relay if it's affected.
Q: Should we run in circles and freak out?
A: Not this time. We should just make sure we fix affected relays.
Q: Hey, Nick, you didn't explain this properly!
A: Please send a follow-up message that explains it better. :)
More information about the tor-relays