FS#17088 - openssl 0.9.8l has compatibility issue with tor

Attached to Project: Arch Linux
Opened by Lyman Li (lyman) - Tuesday, 10 November 2009, 07:16 GMT
Last edited by Andrea Scarpino (BaSh) - Tuesday, 10 November 2009, 12:24 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Pierre Schmitz (Pierre)
Eric Belanger (Snowman)
Andrea Scarpino (BaSh)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
After upgrading to openssl-0.9.8l, tor stops working. Going back to openssl-0.9.8k solves the problem.

Additional info:
* package version(s)

core/openssl 0.9.8l-1
extra/tor 0.2.1.20-1

* config and/or log files etc.

Nov 10 14:31:15 cruiser Tor[9287]: Bootstrapped 5%: Connecting to directory server.
Nov 10 14:31:15 cruiser Tor[9287]: Bootstrapped 10%: Finishing handshake with directory server.
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 7; recommendation warn)

Steps to reproduce:

1. upgrade openssl
2. tail -f /var/log/everything.log
3. /etc/rc.d/tor start

Closed by Andrea Scarpino (BaSh)
Tuesday, 10 November 2009, 12:24 GMT
Reason for closing: Upstream
Additional comments about closing: fixed on upstream trunk
Comment by Pierre Schmitz (Pierre) - Tuesday, 10 November 2009, 07:27 GMT
Renegotiating is disabled due to a design issue in TLS (not openssl itself but the protocol), which would allow MITM attacks. It's known that this will break some rare use cases. You should ask the tor developers if it's possible to live without renegotiating; enabling a known insecure feature is not an option.

For reference see https://bugzilla.redhat.com/show_bug.cgi?id=533125 or search for CVE-2009-3555
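A triage script for the failure pattern quoted in this report, as an added example that is not part of the bug tracker, of Tor or of OpenSSL: it parses Tor's syslog lines, counts the "unexpected close while renegotiating" errors per process and flags a process that repeatedly failed while renegotiating and never got past the 10% directory handshake, the signature this report associates with OpenSSL 0.9.8l's disabled renegotiation. The sample log is constructed from (and abbreviated relative to) the lines in the report; the error threshold and the report field names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: an abbreviated copy of the Tor syslog lines quoted in the report.
SAMPLE_LOG = """\
Nov 10 14:31:15 cruiser Tor[9287]: Bootstrapped 5%: Connecting to directory server.
Nov 10 14:31:15 cruiser Tor[9287]: Bootstrapped 10%: Finishing handshake with directory server.
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 7; recommendation warn)
"""

# syslog prefix as it appears in the report: "<month> <day> <time> <host> Tor[<pid>]: <message>"
LINE_RE = re.compile(r"^\w{3} +\d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) Tor\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RENEG_ERR = "TLS error: unexpected close while renegotiating"
STUCK_RE = re.compile(r"Problem bootstrapping\. Stuck at (?P<pct>\d+)%: (?P<phase>.+?)\. \(.*?count (?P<count>\d+)")

def parse_tor_log(text):
    """Yield (pid, message) for every line that matches Tor's syslog format; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group("pid")), m.group("msg")

def diagnose(text, min_errors=3):
    """Per Tor PID: count renegotiation errors, keep the last 'Problem bootstrapping' line,
    and flag the PID if it failed at least min_errors times and never passed the 10% handshake."""
    errors = Counter()
    stuck = {}
    for pid, msg in parse_tor_log(text):
        if msg == RENEG_ERR:
            errors[pid] += 1
            continue
        m = STUCK_RE.match(msg)
        if m:
            stuck[pid] = (int(m.group("pct")), m.group("phase"), int(m.group("count")))
    report = {}
    for pid in set(errors) | set(stuck):
        pct, phase, count = stuck.get(pid, (None, None, 0))
        report[pid] = {
            "renegotiation_errors": errors[pid],
            "stuck_at_percent": pct,
            "phase": phase,
            "tor_failure_count": count,  # the "count N" Tor itself reports in the stuck line
            "renegotiation_refused": errors[pid] >= min_errors and pct is not None and pct <= 10,
        }
    return report
```

Run it over /var/log/everything.log (the file the reporter tails) to get one dictionary per Tor process; a flagged process is the case to check against the installed OpenSSL version before looking at Tor's own configuration.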
Comment by Lyman Li (lyman) - Tuesday, 10 November 2009, 07:46 GMT
I see. I'll try to contact the tor developers. Thanks for your quick response.
Comment by Pierre Schmitz (Pierre) - Tuesday, 10 November 2009, 07:53 GMT
Assigning to the Orphan Team because tor is unmaintained.
Comment by Lyman Li (lyman) - Tuesday, 10 November 2009, 08:04 GMT
