[tor-dev] Potentially n00b question about Tor Cloud & Heartbleed

Peter B peterb at accessnow.org
Mon Apr 21 16:34:58 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Ah, I just saw that Sina spoke to exactly this issue in your ticket
#11502.  I'll continue this conversation out of list with him.
Peter B:
> hi all,
> 
> As I understand, there are two steps to mitigating the Heartbled
> bug for Tor bridges:
> 
> 1. Upgrade OpenSSL 2. rm -rf /var/lib/tor/keys/* and restart the
> tor procses
> 
> While the bridges on Tor Cloud (and therefore Access' Global Proxy 
> Cloud) are configured to automatically fetch updates, there is no
> way to complete step 2 with SSH access, correct?  If so, is there
> any plan to deal with instances that were set up with the
> vulnerable version of OpenSSL, but whoever set up the instance has
> not or cannot regenerate the keys.
> 
> 

- -- 
Peter Bourgelais
Circumvention and Network Interference Technologist
Access | accessnow.org | rightscon.org
PGP ID: 0x1C16F6D8
Fingerprint: EC9B 18C2 EBF4 07E0 37C6 E306 6592 DE70 1C16 F6D8
Github: https://github.com/pbourgel
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTVUixAAoJEGWS3nAcFvbYD5cP/iSgwaz4sYluNXugq2359qv1
Cn4fsUeNDA3w6RClT30r+S2hH92Tt+W0bnxBkaCnatMbjb1/F60NDf/3hBFBgpWD
fBmwWHd5aebCjzmEmUB9e92JLd7NLuidI2incpRw5q8NhecVlH5QZ1XYeDdn2+rh
7bvMy1OIj/mfdsXJ6LrpfLqlap6ubiKthvP7uxc3ym87IvKX5rMrOVko0B7rXoth
i1mJHMCmKAC7duim1ACZ3Jnvx1RU6kYeDXrwVmViMKKL97xTJgFAmvfH1Vqf6v2V
kGv61t57XgVPpllSsD3TCNVfEymo0u0UeGEYh/uWx7lGBmJkriV0sT5RnAFoBg0o
6g8bOMwFb4kxNwCPLWau/mwXEcjE33TTZ1dY7rUSDGEqxXgQj2CkVhs8Xp6yP/22
DNCml+nd5qaciUbGHqKZzFAiFa/6OOenpZxVAtqkxniUIwtHgIzNFo683E0fyTrE
uI3UpaVaEdaTITqYcVmtISvsJ7myZF9WI+BFGmZePbOXk6Uz7/w1URfVCihsJkyk
yPqEEMRLbZowoOdKNufqXLeECESI0dN3J43Ch5cwJdW+5bxivNofNcxFkZz4C5TL
3Nr2RMIgLylJWsUjtDl3t25529uH6wtZdS1glFsKii+gCvhwnx9NpHDg1X5suQWS
ho4Rct2UlTXSpiWkp626
=6nX6
-----END PGP SIGNATURE-----


More information about the tor-dev mailing list