[tor-bugs] #8179 [Tor]: stitched aes-ni ciphers in openssl 1.0.1d seems to break SSL Handshakes/Renegotiations
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 7 16:38:14 UTC 2013
#8179: stitched aes-ni ciphers in openssl 1.0.1d seems to break SSL
Handshakes/Renegotiations
----------------------------------------------------------+-----------------
 Reporter:  ruebezahl                                     |      Owner:
     Type:  defect                                        |     Status:  new
 Priority:  critical                                      |  Milestone:  Tor: 0.2.4.x-final
Component:  Tor                                           |    Version:  Tor: 0.2.4.10-alpha
 Keywords:  openssl tor-client backport-022 backport-023  |     Parent:
   Points:                                                |  Actualpoints:
----------------------------------------------------------+-----------------
Comment(by nickm):
Adam Langley has investigated and encouraged the OpenSSL team to do so as
well: It appears that the code for using AEAD CBC ciphers with TLS is
broken in OpenSSL 1.0.1d. Right now, the stitched aesni-cbc-hmac-sha1
cipher is the only such cipher.
Since this is a pretty bad problem (and will break all commonly used AES
ciphers when used with AESNI), I'd hope that a fix will come out soon. To
detect this at runtime, we'll have to try doing a TLS connection with
ourselves: testing the cipher implementation itself won't work.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8179#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
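
The runtime check described in the comment, a TLS connection with ourselves, can be run entirely in memory. The following is an added example, not Tor's code and not part of the original message; the anonymous-ECDH suite, the function names and the payload are assumptions chosen so that no certificate is needed.

```python
import ssl

# Assumption: an anonymous-ECDH AES-CBC/HMAC-SHA1 suite, so the loopback needs no
# certificate. A real deployment would test with its own certificate and cipher list.
SUITE = "AECDH-AES128-SHA"

def _context(server_side, suite):
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.check_hostname = False                    # talking to ourselves: nothing to verify
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # CBC suites do not exist in TLS 1.3
    ctx.set_ciphers(suite + ":@SECLEVEL=0")       # anonymous suites need security level 0
    return ctx

def self_handshake(client_suite=SUITE, server_suite=SUITE, payload=bytes(range(200))):
    """Return 'ok', 'broken' (TLS failed) or 'unavailable' (suite not in this build)."""
    try:
        c_ctx, s_ctx = _context(False, client_suite), _context(True, server_suite)
    except ssl.SSLError:
        return "unavailable"
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = c_ctx.wrap_bio(c_in, c_out, server_side=False)
    server = s_ctx.wrap_bio(s_in, s_out, server_side=True)
    legs = [(client, c_out, s_in), (server, s_out, c_in)]
    pending = [True, True]
    try:
        for _ in range(10):                       # bounded: a stalled handshake is a failure
            for i, (side, out, peer_in) in enumerate(legs):
                if pending[i]:
                    try:
                        side.do_handshake()
                        pending[i] = False
                    except ssl.SSLWantReadError:
                        pass                      # waiting for the peer's next flight
                peer_in.write(out.read())         # shuttle bytes to the other endpoint
            if not any(pending):
                break
        if any(pending) or client.cipher()[0] != client_suite:
            return "broken"
        # One record each way, so both directions are decrypted and MAC-checked.
        client.write(payload)
        s_in.write(c_out.read())
        server.write(server.read(len(payload))[::-1])
        c_in.write(s_out.read())
        echoed = client.read(len(payload))
    except ssl.SSLError:
        return "broken"
    return "ok" if echoed == payload[::-1] else "broken"
```

Whether OpenSSL routes this suite through the stitched AES-NI implementation depends on the build and the CPU, so the check is only meaningful when run on the host and library that will carry the traffic.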