Opened 10 years ago

Last modified 7 years ago

#1226 closed defect (Duplicate)

Tor for Mac OSX will not work after install the Security Update 2010-001

Reported by: cluckly Owned by:
Priority: High Milestone:
Component: Core Tor/Tor Version: 0.2.1.21
Severity: Keywords:
Cc: cluckly Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

apple disabled the renegotiation in OpenSSL in this update.
So the tor all the systems that installed this update will fail to connect to the server.
The following warning will be showned:
TLS error: unexpected close while renegotiating (SSL_ST_OK)

please check http://support.apple.com/kb/HT4004 for the details

*

OpenSSL

CVE-ID: CVE-2009-3555

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL

Description: A man-in-the-middle vulnerability exists in the SSL and TLS protocols. Further information is available at http://www.phonefactor.com/sslgap A change to the renegotiation protocol is underway within the IETF. This update disables renegotiation in OpenSSL as a preventive security measure. The issue does not affect services using Secure Transport as it does not support renegotiation. Credit to Steve Dispensa and Marsh Ray of PhoneFactor, Inc. for reporting this issue.

[Automatically added by flyspray2trac: Operating System: OSX 10.4 Tiger]

Child Tickets

Change History (4)

comment:1 Changed 10 years ago by cluckly

duplicate of bug 1225

comment:2 Changed 10 years ago by cluckly

This is the caes that is using bridge. I do not know if it will affect those do not need bridge case.

comment:3 Changed 10 years ago by phobos

flyspray2trac: bug closed.
See bug 1226

comment:4 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.