On Fri, Jan 08, 2010 at 09:41:56PM +0100, Sebastian Hahn wrote:
> On Jan 8, 2010, at 6:45 PM, Luis Maceira wrote:
> > The well-known TLS renegotiating error which the tor-0.2.1.21
> > version was supposed to address persists on FreeBSD-8.0 updated as
> > of today. The unstable version (0.2.2.6) same thing the error
> > persists (On Linux and using tor-0.2.2.6 the error does not exist -I
> > had this error only on Debian Testing and OpenSuSE)-.
> > So, it seems to be a FreeBSD issue, more specifically after a recent
> > FreeBSD update (when I no more could use tor).
>
> Right. Unfortunately, it seems that FreeBSD patched openssl in such a
> way that it is entirely impossible for any application to enable
> renegotiation. See
> http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc
> for details. This means that Tor will remain completely unusable on
> FreeBSD with those patches built in until they either change the
> patch, or Tor updates its protocol. I believe that Tor will update
> eventually, but this might take a substantial amount of time.

Yep. See also
http://archives.seul.org/tor/relays/Dec-2009/msg00016.html

I don't want to cripple Tor's handshake on the relay side, since that
would prevent people in censoring countries from doing the version of
the TLS handshake that blends in better.

Eventually we're going to do a smoother version of the handshake that
doesn't require TLS renegotiation -- basically we'll do it by
reimplementing what we need from the TLS protocol inside Tor at the
cell level. But that could be half a year from now at least, and it's
going to be a mess to get right.

In the meantime, I guess we're at a standoff. "What the fuck, freebsd?
Why did you break a system library?"

--Roger

