[tor-dev] Potentially n00b question about Tor Cloud & Heartbleed

Peter B peterb at accessnow.org
Mon Apr 21 16:18:49 UTC 2014


hi all,

As I understand, there are two steps to mitigating the Heartbleed bug
for Tor bridges:

1. Upgrade OpenSSL
2. rm -rf /var/lib/tor/keys/* and restart the tor process

While the bridges on Tor Cloud (and therefore Access' Global Proxy
Cloud) are configured to automatically fetch updates, there is no way
to complete step 2 with SSH access, correct?  If so, is there any plan
to deal with instances that were set up with the vulnerable version of
OpenSSL, but whoever set up the instance has not or cannot regenerate
the keys?

-- 
Peter Bourgelais
Circumvention and Network Interference Technologist
Access | accessnow.org | rightscon.org
PGP ID: 0x1C16F6D8
Fingerprint: EC9B 18C2 EBF4 07E0 37C6 E306 6592 DE70 1C16 F6D8
Github: https://github.com/pbourgel
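
Added example, not part of the original post: a shell check for whether step 2 has actually been done on a bridge, by listing key files that were not rewritten after the OpenSSL upgrade. The marker file is an assumption (any file whose mtime records when the patched OpenSSL went live on the host), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find Tor key files that predate the OpenSSL upgrade and
# therefore still need regenerating.

# stale_keys KEYS_DIR MARKER
# Prints every regular file under KEYS_DIR whose mtime is not newer than
# MARKER. MARKER is assumed to carry the time the patched OpenSSL was put
# into service; files with the same mtime are treated as stale.
stale_keys() {
    keys_dir=$1
    marker=$2
    [ -d "$keys_dir" ] || { echo "no such directory: $keys_dir" >&2; return 2; }
    [ -e "$marker" ] || { echo "no such marker file: $marker" >&2; return 2; }
    find "$keys_dir" -type f ! -newer "$marker" | sort
}

# needs_rekey KEYS_DIR MARKER
# Exit status 0: at least one stale key remains. 1: none. 2: bad arguments.
needs_rekey() {
    out=$(stale_keys "$1" "$2") || return 2
    [ -n "$out" ]
}

# Constructed sample data: one key written before the upgrade, one after.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/keys"
    touch -t 201404010000 "$d/keys/secret_id_key"     # older than the upgrade
    touch -t 201404080000 "$d/upgrade.marker"         # constructed upgrade time
    touch -t 201404210000 "$d/keys/secret_onion_key"  # regenerated afterwards
    (cd "$d" && stale_keys keys upgrade.marker)
    rm -rf "$d"
}

# With two arguments, check a real directory; otherwise run the sample.
if [ "$#" -eq 2 ]; then
    stale_keys "$1" "$2"
else
    demo
fi
```

On a bridge this would be run as `sh check.sh /var/lib/tor/keys <marker>`; an empty listing means every key file is newer than the upgrade.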