https://www.openssl.org/news/secadv/20160503.txt In general I understand that padding oracle attacks are principally a hazard for browser communications. Am assuming that updating OpenSSL for this fix is not an urgent priority for a Tor Relay. If anyone knows different please comment.