[tor-relays] are relays susceptible to the latest OpenSSL "freak" attack
nickm at freehaven.net
Wed Mar 4 13:12:26 UTC 2015
On Wed, Mar 4, 2015 at 5:26 AM, <starlight.2015q1 at binnacle.cx> wrote:
> Cipher-downgrade CVE-2015-0204 fixed in OpenSSL 1.0.1k.
> usual sensational write-up courtesy of El-Reg
I believe this doesn't affect Tor relays or clients, because we have
never supported export ciphers or generated export keys.
> For operators who don't obsess
> over "non-critical" OpenSSL releases,
> is it time to catch up?
I would suggest that everybody should update their openssl releases as
a matter of best practice, IMNSHO.
For more information, Matthew Green's writeup is quite informative:
More information about the tor-relays