On Tue, 08 Apr 2014 22:06:31 +0000, Geoff Down wrote: > ... > /library/tor/bin/tor: > /opt/local/lib/libz.1.dylib (compatibility version 1.0.0, > current version 1.2.5) > /opt/local/lib/libevent-2.0.5.dylib (compatibility version > 7.0.0, current version 7.4.0) > /opt/local/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, > current version 1.0.0) > /opt/local/lib/libcrypto.1.0.0.dylib (compatibility version > 1.0.0, current version 1.0.0) > /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current > version 88.1.12) > > libssl==openssl? If so, not vulnerable
Yes, and yes. > > tor, when started, also tells the openssl version in the first message. > > Not any more, apparently, at Notice level. At Info level though: > [info] tor_tls_init(): OpenSSL OpenSSL 1.0.0g 18 Jan 2012 looks like > version 0.9.8m or later; I will try SSL_OP to enable renegotiation > Looks promising. Mine does (I just patched my relays): Apr 08 20:59:34.454 [notice] Tor v0.2.4.21 (git-505962724c05445f) running on Linux with Libevent 1.4.13-stable and OpenSSL 1.0.1g. Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds <torvalds@*.org> Date: Fri, 22 Jan 2010 07:29:21 -0800 -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
