On Fri, Apr 23, 2010 at 08:51:32PM -0500, Scott Bennett wrote: > I hope that, in the future, openssl.org will make some effort to > coordinate such things with the various operating system developers in > a way that avoids turning the situation into such a cl*****f*** again. > It's obviously been a nightmare for you and the rest of the tor project, > and I'd bet heavily that the tor project is not the only one so affected. > > >But we haven't yet put out a stable release that includes that patch. > > > >So if you upgraded to the latest 0.2.2.x-alpha to get the fixes for other > >bugs, you would get the fix for this bug too. Let us know if it works. > > > Are there any ideas floating around yet as to why tor doesn't work > with openssl 1.0.0?
It does work, as far as I am told. Or are you talking about yet another operating system vendor that crippled its openssl in some new way? I believe some of the BSDs took tls renegotiation out of their openssl entirely. It's quite possible they would be bold enough to declare that their openssl is the real openssl 1.0.0. The only answer there is to not use their crippled openssl. Has anybody else here tried Tor with openssl 1.0.0 and found that it worked / didn't work? --Roger *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
