[tor-relays] Compatibility issue with OpenSSL 1.1.1a
Nick Mathewson
nickm at torproject.org
Mon Dec 3 01:09:21 UTC 2018
On Sat, Dec 1, 2018 at 8:40 PM Paul <paul at roteserver.de> wrote:
>
> I have run into this issue just now and iam curious if i can "just"
> downgrade back or if there is any other way to workaround?
>
I think that it's okay to downgrade to 1.1.1 for Tor's purposes: the
two security vulnerabilities fixed in 1.1.1a are about DSA and ECDSA,
which Tor doesn't use. Also, you could use 1.1.0j if you prefer
something patched.
> How does this affect my relay? Will it still be useable?
It will be usable by anybody connecting to it with TLS up to 1.2, and
by clients using TLS 1.3. Connections between your relay and other
relays will fail if you are both upgraded to TLS 1.3.
More information about the tor-relays
mailing list