Opened 6 years ago

Closed 6 years ago

#11441 closed defect (fixed)

OpenSSL bug CVE-2014-0160 fixes

Reported by: phobos Owned by:
Priority: Very High Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Keywords: openssl bad bad bad hearbeat heartbleed
Cc: phobos Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Respond to bad ssl libs, again.

Child Tickets

Change History (8)

comment:1 Changed 6 years ago by phobos

status as of now:

  • ran apt-get update && apt-get dist-upgrade on all hosts I can reach via ipv4 internet
  • restarted apache2 on 5 webservers for torproject.org
  • restarted apache2 on trac
  • restarted apache2 on gitweb

comment:2 Changed 6 years ago by phobos

  • restarted apache2 on blog

comment:3 Changed 6 years ago by phobos

certs rekeyed at digicert
blog.tpo cert rekeyed and renewed.

comment:4 Changed 6 years ago by weasel

all keys/certs rotated.

We might want to force an ldap password reset.

comment:5 Changed 6 years ago by mttp

The certificate I see for *.torproject.org is:

Issued Certificate
Version: 3
Serial Number: 09 48 B1 A9 3B 25 1D 0D B1 05 10 59 E2 C2 68 0A
Not Valid Before: 2013-10-22
Not Valid After: 2016-05-03
Certificate Fingerprints
SHA1: 84 24 56 56 8E D7 90 43 47 AA 89 AB 77 7D A4 94 3B A1 A7 D5
MD5: A4 16 66 80 AE B9 A4 EC AA 88 01 1B 6F B9 EB CB

For blog.torproject.org, I see:

Issued Certificate
Version: 3
Serial Number: 05 CA 2A A9 A5 D6 ED 44 C7 2D 88 1A 18 B0 E7 DC
Not Valid Before: 2014-04-09
Not Valid After: 2017-06-14
Certificate Fingerprints
SHA1: DE 20 3D 46 FD C3 68 EB BA 40 56 39 F5 FA FD F5 4E 3A 1F 83
MD5: 8A 8A A2 5E D9 7F 84 4C 8F 00 3B 43 E0 2D E6 4D

Can someone please confirm this is correct before I update https://www.torproject.org/docs/faq#SSLcertfingerprint

comment:6 Changed 6 years ago by phobos

Yes, these are correct.

comment:7 Changed 6 years ago by cypherpunks

Keywords: heartbleed added
Priority: normalcritical

comment:8 Changed 6 years ago by weasel

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.