Fwd: Re: Still problems with TLS negotiation

Hans de Hartog hansdehartog at gmail.com
Sun Jan 3 14:13:28 UTC 2010 

Hans Schnehl wrote:

>  On Sat, Jan 02, 2010 at 07:53:03PM +0100, Hans de Hartog wrote:
>
>>  Hi,
>>
>>  I upgraded all my servers from FreeBSD 7.2-RELEASE-p4 to 8.0-RELEASE
>>  and tor stopped working because of the TLS renegotiation problem.
>>  So I upgraded to tor 0.2.1.21 (promised to solve that problem) but the
>>  problem
>>  is still there. Going back to FreeBSD 7.2 is no option so I tried tor
>>  0.2.2.6-alpha.
>>
>
>  You need to compile the mentioned versions of Tor against openssl-0.9.8.l,
>  which is the one in the FreeBSD ports tree. neither 7-stable or 8-stable
>  ship with openssl-0.9.8.l, but the versions or Tor you are trying to run
>  need that version of openssl.
>
>
>
>>  Still no go. However, the error message (TLS error: unexpected close while
>>  renegotiating) is now suffixed with (SSL_ST_OK) but tor isn't doing any
>>  usefull
>>  work.
>>  If it helps: openssl version: 0.9.8k 25 Mar 2009 (I can not change that,
>>  it's part
>>  of the base system).
>>
>  You do not need to change that, just install the ports version in
>  addition.
>
>
>
>>  So, this was the end of a faithfull tor-supporting system, running for
>>  months as
>>  an exit-router... :-(
>>
>  No, it is not ! Keep going, please :) There is a thread under Tor-relays
>  dealing exactly with this issue. If you want to skip the 'introduction'
>  you may want to see :
>  http://archives.seul.org/tor/relays/Dec-2009/msg00013.html
>
>  which handles how to compile Tor  against openssl-0.9.8.l by using the ports
>  systems built in routines.
>
>  If you wish not to use this routine just scroll down and you will find a
>  description of how to do without.
>
>
>
>>  Regards,
>>  Hans.
>>
>  dito
>  ***********************************************************************
>  To unsubscribe, send an e-mail to majordomo at torproject.org with
>  unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
>
>
Thanks a lot! Tor is running again!

Summary (for FreeBSD 8.0-RELEASE):
  - install openssl from /usr/ports/security/openssl (which is version
0.9.8l)
  - add WITH_OPENSSL_PORT=YES to /etc/make.conf
  - rebuild and install tor from /usr/ports/security/tor (which is
version 0.2.1.21)
  - /usr/local/etc/rc.d/tor restart

Regards,
Hans.

***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

More information about the tor-talk mailing list