Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#17088 - openssl 0.9.8l has compatibility issue with tor

Attached to Project: Arch Linux
Opened by Lyman Li (lyman) - Tuesday, 10 November 2009, 07:16 GMT
Last edited by Andrea Scarpino (BaSh) - Tuesday, 10 November 2009, 12:24 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Pierre Schmitz (Pierre)
Eric Belanger (Snowman)
Andrea Scarpino (BaSh)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
after upgrade to openssl-0.9.8l, tor stops working. back to openssl-0.9.8k solve the problem.

Additional info:
* package version(s)

core/openssl 0.9.8l-1
extra/tor 0.2.1.20-1

* config and/or log files etc.

Nov 10 14:31:15 cruiser Tor[9287]: Bootstrapped 5%: Connecting to directory server.
Nov 10 14:31:15 cruiser Tor[9287]: Bootstrapped 10%: Finishing handshake with directory server.
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 7; recommendation warn)

Steps to reproduce:

1, upgrade openssl
2, tail -f /var/log/everything.log
3, /etc/rc.d/tor start
This task depends upon

Closed by  Andrea Scarpino (BaSh)
Tuesday, 10 November 2009, 12:24 GMT
Reason for closing:  Upstream
Additional comments about closing:  fixed on upstream trunk
Comment by Pierre Schmitz (Pierre) - Tuesday, 10 November 2009, 07:27 GMT
Renegotiating is disabled due to a design issue in TLS (not openssl itself but the protocol), which would allow MTM attacks. It's known that this will break some rare use cases. You should ask the tor developers if its possible to live without renegotiating; enabling a known insecure feature is not an option.

For reference see https://bugzilla.redhat.com/show_bug.cgi?id=533125 or search for CVE-2009-3555
Comment by Lyman Li (lyman) - Tuesday, 10 November 2009, 07:46 GMT
i see. i'll try to contact tor developer. thanks for your quick response.
Comment by Pierre Schmitz (Pierre) - Tuesday, 10 November 2009, 07:53 GMT
assigning to the Orphan Team because tor is unmaintained.
Comment by Lyman Li (lyman) - Tuesday, 10 November 2009, 08:04 GMT

Loading...