On Tue, 29 Dec 2009 21:16:22 +0000 nixlists <nixmli...@gmail.com> wrote:
> Hi.
>
> The OpenBSD 4.6 errata OpenSSL TLS renegotiation patch
> ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/004_openssl.patch
> breaks stable release of Tor as described here (exactly the same issue
> on FreeBSD):
>
> http://archives.seul.org/tor/relays/Dec-2009/msg00014.html
>
> Tor is not vulnerable to the attack when used with the broken OpenSSL,
> but the patch stops it from working correctly as described in the
> above thread. The issue is fixed only in the alpha version of Tor, and
> AFAIK won't be fixed in stable:
>
> https://blog.torproject.org/blog/tor-0226-alpha-released
>
> I don't want to run alpha Tor, or use broken OpenSSL. What should I do
> to make stable Tor run (I am not a coder, just a user - so I can't put
> up and hack up :) )?
>
> Are there any plans to replace OpenSSL with something more secure?
>
> Thanks.
>

It doesn't solve your problem, but Marco Peereboom's assl is relevant to
your last question:

http://www.peereboom.us/assl/html/openssl.html

--
J.C. Roberts