Delivery-Date: Thu, 05 Jun 2014 12:43:34 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by moria.seul.org (Postfix) with ESMTPS id CF9071E0A07
	for <archiver@seul.org>; Thu,  5 Jun 2014 12:43:29 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 359E62F6AA;
	Thu,  5 Jun 2014 16:43:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 933382F841
 for <tor-talk@lists.torproject.org>; Thu,  5 Jun 2014 16:34:22 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id FQO6lJwFkKDt for <tor-talk@lists.torproject.org>;
 Thu,  5 Jun 2014 16:34:22 +0000 (UTC)
Received: from mail-la0-x236.google.com (mail-la0-x236.google.com
 [IPv6:2a00:1450:4010:c03::236])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 41D4F2F619
 for <tor-talk@lists.torproject.org>; Thu,  5 Jun 2014 16:34:22 +0000 (UTC)
Received: by mail-la0-f54.google.com with SMTP id pv20so767904lab.27
 for <tor-talk@lists.torproject.org>; Thu, 05 Jun 2014 09:34:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:date:message-id:subject:from:to:content-type;
 bh=8wuIYKeZKc4EQvcOmhUgPS5xjRHX7mkfiCPNRTtINU4=;
 b=tL9zMQmDOb7wAu+18hW3dq1HaR/jKsMIZtKWd3mbAbTgqGErv9yTeO/+vY65zunj7R
 9skyfZRmr2X6Q4bDsNmshLvh/gk94RYoFbQNOnWL+96g8GfRyXM/d40FfoHIB5uXRYSt
 7P9tP5fu3Tb/GuFReyvoqLWyblAKcaewP3dOO5FX430t1NsyJXeu1ILhM6RzaNxy4hXR
 i8+OxGg+LkiQMha9uyGadtQyzhIX1qOalhzEXv/fGfy3uCwqsYxbuvdxXA9X+1j5ih45
 h3YfipX5lKyWBLMFAksBI9vouSO4CeHfL5yhJYHkKaK0CGU4X3sxUSxRdlNAxYNvK/93
 7+Iw==
MIME-Version: 1.0
X-Received: by 10.152.87.228 with SMTP id bb4mr2938086lab.74.1401986058606;
 Thu, 05 Jun 2014 09:34:18 -0700 (PDT)
Received: by 10.112.139.234 with HTTP; Thu, 5 Jun 2014 09:34:18 -0700 (PDT)
Date: Thu, 5 Jun 2014 12:34:18 -0400
X-Google-Sender-Auth: 3IVn3mZ4i2JzpkAggg9Wyqo09c4
Message-ID: <CAKDKvuwEkdpZCOGiAY0Aaze5MMTVayCf5qSX2pDHJD=1JxFu4g@mail.gmail.com>
From: Nick Mathewson <nickm@freehaven.net>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
Subject: [tor-talk] Yet another OpenSSL vulnerability
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Hi, all!

There's another OpenSSL vulnerabilty.  This one is less terrible
than heartbleed, but it's still quite bad.  People have taken to
calling it the "EarlyCCS" attack: it will probably get less media
attention than heartbleed because its name is insufficiently scary.

The impact on Tor is that an adversary in the position to run a MITM
attack on a Tor client or relay could cause a TLS connection to be
negotiated without real encryption or authentication.

This attack is possible if the connection initiator (client or
relay) is running an unpatched OpenSSL, and if the relay is running
an unpatched OpenSSL 1.0.1.  If either party has upgraded, or if the
relay is running a version before 1.0.1, the attack fails.

The circuit-layer crypto (which happens under the TLS layer) should
still provide significant protection for user communications over
Tor.  But a MITM attack of this kind could still help traffic
analysis, and likely other unexpected badness as well.

Because of this, I'd strongly recommend that everybody should
upgrade. If you're using Tor packages from our website, please
update to the latest versions as soon as they're available; I hope
that will be very soon.  If your Tor is built against an OpenSSL
provided by your operating system distribution, please install the
vendor updates as soon as they're available.

Here's the official OpenSSL security advisory:

  https://www.openssl.org/news/secadv_20140605.txt

Here's a good write-up by Adam Langley, explaining this bug in detail:

  https://www.imperialviolet.org/2014/06/05/earlyccs.html

Here's a post from the original discoverer of the bug.

  http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html

And here's the vulnerability's website (since all vulnerabilities
have a website), complete with scary logo:

  http://ccsinjection.lepidum.co.jp/

(As a side-note, you should also be concerned about OpenSSL-based
applications that you're using that _aren't_ Tor.  Tor is
comparatively resilient to having one layer of crypto removed; but
most protocols aren't.  Fortunately, Firefox/TorBrowser is using NSS
for its TLS crypto.)

(As a final side-note: today's OpenSSL releases fix some other bugs
too.  If you run other programs that use OpenSSL -- particularly
ones that do DTLS -- you should upgrade for that reason too.)

cheers,
-- 
Nick
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

