Hi.

The OpenBSD 4.6 errata OpenSSL TLS renegotiation patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/004_openssl.patch
breaks the stable release of Tor as described here (exactly the same issue on FreeBSD):
http://archives.seul.org/tor/relays/Dec-2009/msg00014.html

Tor is not vulnerable to the attack when used with the broken OpenSSL, but the patch stops it from working correctly as described in the above thread. The issue is fixed only in the alpha version of Tor, and AFAIK won't be fixed in stable:
https://blog.torproject.org/blog/tor-0226-alpha-released

I don't want to run alpha Tor, or use broken OpenSSL. What should I do to make stable Tor run (I am not a coder, just a user - so I can't put up and hack up :) )?

Are there any plans to replace OpenSSL with something more secure?

Thanks.