[tor-relays] are relays susceptible to the latest OpenSSL "freak" attack
Nick Mathewson
nickm at freehaven.net
Wed Mar 4 13:12:26 UTC 2015
On Wed, Mar 4, 2015 at 5:26 AM, <starlight.2015q1 at binnacle.cx> wrote:
> Cipher-downgrade CVE-2015-0204 fixed in OpenSSL 1.0.1k.
>
> usual sensational write-up courtesy of El-Reg
>
> http://theregister.co.uk/security
I believe this doesn't affect Tor relays or clients, because we have
never supported export ciphers or generated export keys.
> For operators who don't obsess
> over "non-critical" OpenSSL releases,
> is it time to catch up?
I would suggest that everybody should update their openssl releases as
a matter of best practice, IMNSHO.
For more information, Matthew Green's writeup is quite informative:
http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html
More information about the tor-relays
mailing list