Opened 9 years ago

Last modified 7 years ago

#1144 closed defect (Fixed)

tor bridge can not work with openssl 0.9.8l

Reported by: lyman
Owned by:
Priority: High
Milestone:
Component: Core Tor/Tor
Version: 0.2.1.20
Severity:
Keywords:
Cc: lyman, nickm, Sebastian, bsdtechie, Tuba, arma
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description


After upgrading to openssl-0.9.8l, which fixed the MITM attack (for reference see https://bugzilla.redhat.com/show_bug.cgi?id=533125) by disabling renegotiation, tor (using bridge) stops working.
Tor should find another way without renegotiating. For Linux distributions, enabling a known insecure feature is not an option.

Tor log:

Nov 10 14:31:15 cruiser Tor[9287]: Bootstrapped 5%: Connecting to directory server.
Nov 10 14:31:15 cruiser Tor[9287]: Bootstrapped 10%: Finishing handshake with directory server.
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 7; recommendation warn)

reference:

http://bugs.archlinux.org/task/17088

[Automatically added by flyspray2trac: Operating System: Other Linux]

Change History (13)

comment:1 Changed 9 years ago by nickm

Already fixed in svn trunk and maint-0.2.1. The next releases will work
fine with OpenSSL 0.9.8L.

So you know, the recently discovered problem in TLS is not caused by renegotiation
per se; the problem is doing renegotiation, then acting as though data
sent _before_ the renegotiation were authenticated with the renegotiated
credentials. Most HTTPS implementations did this. Unfortunately, it turned
out that an attacker can do a limited MITM to inject arbitrary data in a TLS
session before using a renegotiation to turn control over to the client. If
the server treated the earlier data as being authenticated by the later renegotiated
credentials, it would be fooled into using the client's credentials to authenticate
the attacker's data.

The Tor protocol isn't vulnerable here because 1) it doesn't allow any data
to be sent before the renegotiation step, and 2) it doesn't treat a
renegotiation as authenticating previously exchanged data (because
there isn't any).

We've talked with our contacts in OpenSSL about this, and we're pretty sure
that our use of renegotiation is not vulnerable.

comment:2 Changed 9 years ago by lyman

I see, thx! Waiting for your next release :D

comment:3 Changed 9 years ago by bsdtechie

Of course same malfunction on a FreeBSD system (tor-devel-0.2.2.6.a,
torsocks-1.0_1). After reversing the SSL patch my tor server is up again.

See:
http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc
http://security.freebsd.org/patches/SA-09:15/ssl.patch

Downgrading a security patch is normally not a good idea, but I can't see
another workaround.

comment:4 Changed 9 years ago by Sebastian

The problem is that FreeBSD decided to patch openssl to disallow renegotiation,
without giving applications a way to re-enable it like openssl upstream did. Tor
will not work on those systems until they have changed this, or Tor is updated to
work without renegotiation. This might take a long time to happen, though.

comment:5 Changed 9 years ago by blackraven77

Found a better workaround on FreeBSD-8 than downgrading the openssl security patch: use libssl.so.5 from ports/misc/compat7x.

/etc/libmap.conf:
# libmap.conf section header: the mapping below applies only to this binary
[/usr/local/bin/tor]
libssl.so.6 compat/libssl.so.5

Both ports/security/tor and ports/security/tor-devel work fine.

comment:6 Changed 9 years ago by agamemnon

I think this problem is supposed to have been fixed in 0.2.1.21; however, it persists here on FreeBSD 8-STABLE w/ Tor 0.2.1.21 installed from ports.

comment:7 Changed 9 years ago by arma

Pascal: you need to use the openssl from ports too. FreeBSD's base openssl
broke renegotiation in a way that is, well, broken.

See also http://archives.seul.org/or/talk/Jan-2010/msg00076.html

comment:8 Changed 9 years ago by bazzoola

Roger Dingledine: The link you provided does not work. It seems that seul.org is down.

Anyhow even using the port won't solve the problem. Here you go:

$ pkg_info | grep openssl
openssl-0.9.8l_2 SSL and crypto library

$ pkg_info | grep tor
tor-devel-0.2.2.6.a An anonymizing overlay network for TCP
torsocks-1.0_2 Most SOCKS-friendly applications way with Tor

$ uname -a
FreeBSD baz.local 7.2-STABLE FreeBSD 7.2-STABLE #10: Sat Jan 9 23:07:26 EST 2010 baz@…:/usr/obj/usr/src/sys/GENERIC amd64

$ # ldd /usr/local/bin/tor
/usr/local/bin/tor:

libz.so.4 => /lib/libz.so.4 (0x800730000)
libm.so.5 => /lib/libm.so.5 (0x800844000)
libevent-1.4.so.3 => /usr/local/lib/libevent-1.4.so.3 (0x80095e000)
libssl.so.7 => /usr/local/lib/libssl.so.7 (0x800a77000)
libcrypto.so.7 => /usr/local/lib/libcrypto.so.7 (0x800bc4000)
libthr.so.3 => /lib/libthr.so.3 (0x800e3c000)
libc.so.7 => /lib/libc.so.7 (0x800f54000)
librt.so.1 => /usr/lib/librt.so.1 (0x801169000)

$ tail /var/log/tor
Jan 14 15:40:05.903 [warn] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Jan 14 15:40:05.904 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 86; recommendation warn)

comment:9 Changed 9 years ago by Tuba

This issue also affects Mac OS X now, as the latest security update contained OpenSSL 0.9.8l with renegotiation disabled, seemingly the same approach as the one made by FreeBSD (i.e. apps cannot enable renegotiation).

Output from the log, tested on Snow Leopard (10.6.2):

jan 24 19:07:39.501 [Notice] Bootstrapped 10%: Finishing handshake with directory server.
jan 24 19:07:39.644 [Warning] TLS error: unexpected close while renegotiating

Tor is basically useless on OS X until either the Apple team responsible for OpenSSL in OS X or the Tor project makes the relevant changes to its end of the code.
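A log check for the failure signature quoted in the description and in comments 8 and 9 above (an added example, not part of this ticket or of Tor): it strips both the syslog-wrapped prefix and Tor's own log prefix, counts the renegotiation errors and the bootstrap stalls, and flags the combination that points at a libssl with renegotiation disabled. The sample lines are constructed from the logs quoted in the ticket.

```python
import re

# Constructed sample built from the log lines quoted in this ticket: the
# syslog-wrapped layout from the description, Tor's own file log from
# comment 8, and the OS X bundle layout (capitalised level) from comment 9.
SAMPLE_LOG = """\
Nov 10 14:31:15 cruiser Tor[9287]: Bootstrapped 10%: Finishing handshake with directory server.
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: TLS error: unexpected close while renegotiating
Nov 10 14:31:16 cruiser Tor[9287]: Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 7; recommendation warn)
Jan 14 15:40:05.903 [warn] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Jan 14 15:40:05.904 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 86; recommendation warn)
jan 24 19:07:39.644 [Warning] TLS error: unexpected close while renegotiating
"""

# Either prefix style: "Mon DD HH:MM:SS host Tor[pid]: " or "Mon DD HH:MM:SS.mmm [level] ".
PREFIX_RE = re.compile(
    r"^\w{3} \d{1,2} \d\d:\d\d:\d\d(?:\.\d+)?\s+(?:\S+ Tor\[\d+\]: |\[\w+\] )"
)
RENEG_RE = re.compile(r"TLS error: unexpected close while renegotiating")
STUCK_RE = re.compile(r"Stuck at (\d+)%: (.*?)\. \(.*?count (\d+);")


def analyse(log_text):
    """Summarise renegotiation failures and bootstrap stalls in a Tor log.

    Returns the number of renegotiation errors, a list of
    (percent, phase, count) tuples for every "Problem bootstrapping" line,
    and a verdict: renegotiation errors together with a stall in the
    handshake phase is the signature this ticket describes.
    """
    reneg_errors = 0
    stalls = []
    for line in log_text.splitlines():
        msg = PREFIX_RE.sub("", line, count=1)
        if RENEG_RE.search(msg):
            reneg_errors += 1
        m = STUCK_RE.search(msg)
        if m:
            stalls.append((int(m.group(1)), m.group(2), int(m.group(3))))
    suspected = reneg_errors > 0 and any("handshake" in phase for _, phase, _ in stalls)
    return {"reneg_errors": reneg_errors, "stalls": stalls,
            "renegotiation_disabled_suspected": suspected}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print(result)
    if result["renegotiation_disabled_suspected"]:
        print("Tor cannot renegotiate: check which libssl the binary links against (ldd)")
```

On a live system, feed it `tail /var/log/tor` as comment 8 does; a positive verdict says the libssl Tor links against refuses renegotiation, not that the directory server is down.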

comment:10 Changed 9 years ago by Kara_H

Hopefully an update from either Apple or the Tor project is coming soon! I was relaying on a nice high-speed connection and now cannot.

comment:11 Changed 9 years ago by arma

I'm going to close this one. It's also a duplicate of bug 1225.

(The answer: upgrade your Tor bundle.)

comment:12 Changed 9 years ago by arma

flyspray2trac: bug closed.

comment:13 Changed 7 years ago by nickm

Component: Tor Client → Tor