[tor-talk] Tor and Openssl on old OSX [was Tor and Openssl bug CVE-2014-0160]
Andreas Krey
a.krey at gmx.de
Tue Apr 8 22:37:30 UTC 2014
On Tue, 08 Apr 2014 22:06:31 +0000, Geoff Down wrote:
>
...
> /library/tor/bin/tor:
> /opt/local/lib/libz.1.dylib (compatibility version 1.0.0,
> current version 1.2.5)
> /opt/local/lib/libevent-2.0.5.dylib (compatibility version
> 7.0.0, current version 7.4.0)
> /opt/local/lib/libssl.1.0.0.dylib (compatibility version 1.0.0,
> current version 1.0.0)
> /opt/local/lib/libcrypto.1.0.0.dylib (compatibility version
> 1.0.0, current version 1.0.0)
> /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
> version 88.1.12)
>
> libssl==openssl? If so, not vulnerable
Yes, and yes.
> > tor, when started, also tells the openssl version in the first message.
>
> Not any more, apparently, at Notice level. At Info level though:
> [info] tor_tls_init(): OpenSSL OpenSSL 1.0.0g 18 Jan 2012 looks like
> version 0.9.8m or later; I will try SSL_OP to enable renegotiation
> Looks promising.
Mine does (I just patched my relays):
Apr 08 20:59:34.454 [notice] Tor v0.2.4.21 (git-505962724c05445f) running on Linux with Libevent 1.4.13-stable and OpenSSL 1.0.1g.
Andreas
--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
More information about the tor-talk
mailing list