[tor-relays] Compatibility issue with OpenSSL 1.1.1a
Nick Mathewson
nickm at torproject.org
Wed Nov 28 12:47:05 UTC 2018
Hi, folks!
You should know that there is a compatibility issue between Tor and
OpenSSL 1.1.1a, when TLS 1.3 is in use. Only OpenSSL 1.1.1a is
affected; other OpenSSL versions are not. The effect here is that Tor
relays using this version of OpenSSL will not be able to negotiate TLS
1.3 connections with one another.
This is caused by a regression in OpenSSL 1.1.1a's implementation of
tls13_hkdf_expand() function. For more information, see
https://trac.torproject.org/projects/tor/ticket/28616
We're looking into possible mitigations.
best wishes,
--
Nick
More information about the tor-relays
mailing list