On Wed, Mar 4, 2015 at 5:26 AM, <starlight.201...@binnacle.cx> wrote:
> Cipher-downgrade CVE-2015-0204 fixed in OpenSSL 1.0.1k.
>
> usual sensational write-up courtesy of El-Reg
>
> http://theregister.co.uk/security

I believe this doesn't affect Tor relays or clients, because we have never supported export ciphers or generated export keys.

> For operators who don't obsess
> over "non-critical" OpenSSL releases,
> is it time to catch up?

I would suggest that everybody should update their openssl releases as a matter of best practice, IMNSHO.

For more information, Matthew Green's writeup is quite informative:
http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html