[tor-relays] Compatibility issue with OpenSSL 1.1.1a
Paul
paul at roteserver.de
Sun Dec 2 01:30:52 UTC 2018
I have run into this issue just now and iam curious if i can "just"
downgrade back or if there is any other way to workaround?
How does this affect my relay? Will it still be useable?
Thx
Am 28.11.2018 um 13:47 schrieb Nick Mathewson:
> Hi, folks!
>
> You should know that there is a compatibility issue between Tor and
> OpenSSL 1.1.1a, when TLS 1.3 is in use. Only OpenSSL 1.1.1a is
> affected; other OpenSSL versions are not. The effect here is that Tor
> relays using this version of OpenSSL will not be able to negotiate TLS
> 1.3 connections with one another.
>
> This is caused by a regression in OpenSSL 1.1.1a's implementation of
> tls13_hkdf_expand() function. For more information, see
> https://trac.torproject.org/projects/tor/ticket/28616
>
> We're looking into possible mitigations.
>
> best wishes,
More information about the tor-relays
mailing list