[tor-talk] Watch out for openssl 1.0.1d if you're using AESNI

Nick Mathewson nickm at freehaven.net
Thu Feb 7 19:19:32 UTC 2013

Hi, all!

There's a bug in openssl 1.0.1d that breaks Tor (and lots of other
programs) if you have a CPU with aesni support.

If you have aesni support on your CPU, and you're using the openssl
1.0.1 series, and you decide that you simply _must_ upgrade OpenSSL
before 1.0.1e can be released (soon, I hope), then see the link below
for a patch that will make Tor work around the bug in question.

For more information on the openssl bug, see
https://trac.torproject.org/projects/tor/ticket/8179 .

(Incidentally, because one or two people have asked: Tor itself isn't
affected by the new Lucky-13 attack against TLS CBC implementations.
In order to do plaintext recovery, the attack requires that the same
secret be sent in a large number of encrypted TLS sessions. This can
happen with HTTPS (where an attacker can force many connections to
happen with Javascript, each of which will contain a cookie that the
attacker is trying to steal).  Tor, on the other hand, will send the
same secret encrypted the same way more than once.

This doesn't mean that Tor users couldn't be affected, though.
TorBrowser is a web browser based on Firefox, after all, and therefore
is potentially affected by any attack affecting HTTP.  Once there's a
new version of Firefox out, I hope that we'll have an updated browser
released soon afterwards.

For more information on the attack and its impact, see
http://www.isg.rhul.ac.uk/tls/ .)

best wishes,

More information about the tor-talk mailing list