[tor-relays] Compatibility issue with OpenSSL 1.1.1a

Nick Mathewson nickm at torproject.org
Wed Nov 28 12:47:05 UTC 2018

Hi, folks!

You should know that there is a compatibility issue between Tor and
OpenSSL 1.1.1a, when TLS 1.3 is in use.  Only OpenSSL 1.1.1a is
affected; other OpenSSL versions are not.  The effect here is that Tor
relays using this version of OpenSSL will not be able to negotiate TLS
1.3 connections with one another.

This is caused by a regression in OpenSSL 1.1.1a's implementation of
tls13_hkdf_expand() function.  For more information, see

We're looking into possible mitigations.

best wishes,

More information about the tor-relays mailing list