[tor-dev] Potentially n00b question about Tor Cloud & Heartbleed
Peter B
peterb at accessnow.org
Mon Apr 21 16:34:58 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Ah, I just saw that Sina spoke to exactly this issue in your ticket
#11502. I'll continue this conversation out of list with him.
Peter B:
> hi all,
>
> As I understand, there are two steps to mitigating the Heartbled
> bug for Tor bridges:
>
> 1. Upgrade OpenSSL 2. rm -rf /var/lib/tor/keys/* and restart the
> tor procses
>
> While the bridges on Tor Cloud (and therefore Access' Global Proxy
> Cloud) are configured to automatically fetch updates, there is no
> way to complete step 2 with SSH access, correct? If so, is there
> any plan to deal with instances that were set up with the
> vulnerable version of OpenSSL, but whoever set up the instance has
> not or cannot regenerate the keys.
>
>
- --
Peter Bourgelais
Circumvention and Network Interference Technologist
Access | accessnow.org | rightscon.org
PGP ID: 0x1C16F6D8
Fingerprint: EC9B 18C2 EBF4 07E0 37C6 E306 6592 DE70 1C16 F6D8
Github: https://github.com/pbourgel
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJTVUixAAoJEGWS3nAcFvbYD5cP/iSgwaz4sYluNXugq2359qv1
Cn4fsUeNDA3w6RClT30r+S2hH92Tt+W0bnxBkaCnatMbjb1/F60NDf/3hBFBgpWD
fBmwWHd5aebCjzmEmUB9e92JLd7NLuidI2incpRw5q8NhecVlH5QZ1XYeDdn2+rh
7bvMy1OIj/mfdsXJ6LrpfLqlap6ubiKthvP7uxc3ym87IvKX5rMrOVko0B7rXoth
i1mJHMCmKAC7duim1ACZ3Jnvx1RU6kYeDXrwVmViMKKL97xTJgFAmvfH1Vqf6v2V
kGv61t57XgVPpllSsD3TCNVfEymo0u0UeGEYh/uWx7lGBmJkriV0sT5RnAFoBg0o
6g8bOMwFb4kxNwCPLWau/mwXEcjE33TTZ1dY7rUSDGEqxXgQj2CkVhs8Xp6yP/22
DNCml+nd5qaciUbGHqKZzFAiFa/6OOenpZxVAtqkxniUIwtHgIzNFo683E0fyTrE
uI3UpaVaEdaTITqYcVmtISvsJ7myZF9WI+BFGmZePbOXk6Uz7/w1URfVCihsJkyk
yPqEEMRLbZowoOdKNufqXLeECESI0dN3J43Ch5cwJdW+5bxivNofNcxFkZz4C5TL
3Nr2RMIgLylJWsUjtDl3t25529uH6wtZdS1glFsKii+gCvhwnx9NpHDg1X5suQWS
ho4Rct2UlTXSpiWkp626
=6nX6
-----END PGP SIGNATURE-----
More information about the tor-dev
mailing list