openssl
Apple workaround for openssl issues on OS X 10.5 and 10.6
Posted January 31st, 2010 by phobos
Apple responded to my bug report about a broken openssl. I've since built test packages for OS X 10.5 and 10.6 users. Their response is:
Thank you for your report of this issue with Tor.
The issue you're seeing is because the current versions of the development tools were created before the OpenSSL security fix, and so do not include the "SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" definition in the OpenSSL headers.
You can work around this issue by supplying the definition to Tor directly, for example by compiling Tor using
CPPFLAGS='-DSSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION=0x0010' ./configure && make
This will work on both Leopard and Snow Leopard.
If you have an Intel (i386) Mac, use the normal i386 packages for Tor 0.2.2.8-alpha release at https://www.torproject.org/download.
If you have a PowerPC (ppc) Mac AND are running OS X 10.5 or 10.6, use these packages:
Apple broke OpenSSL which breaks Tor on OS X
Posted January 27th, 2010 by phobos
Apple OS X Security Update 2010-001 removes OpenSSL renegotiation, http://support.apple.com/kb/HT1222. We've filed a bug report with Apple on this issue. Their standard response so far is http://support.apple.com/kb/HT4004.
In the meanwhile, we have bug #1225 open, https://bugs.torproject.org/flyspray/index.php?do=details&id=1225. Add yourself to the Notifications if you want updates as they happen. A fine explanation of why Tor is not affected by the TLS renegotiation bug can be found at https://bugs.torproject.org/flyspray/index.php?do=details&id=1225&area=c...
Packages for testing are available at:
https://www.torproject.org/dist/testing/
READ THIS FINE PRINT:
- These will only work on OSX 10.5 and 10.6 (both i386 and powerpc). Tor fails to compile when using the 10.4 libraries and static openssl.
- Tor-0.2.2.8-alpha-i386-Bundle.dmg is compiled to replace the tor
Tor 0.2.2.6-alpha released
Posted December 2nd, 2009 by phobos
On November 19, we released the latest in the Tor alpha series, version 0.2.2.6-alpha. This release lays the groundwork for many upcoming features: support for the new lower-footprint "microdescriptor" directory design, future-proofing our consensus format against new hash functions or other changes, and an Android port. It also makes Tor compatible with the upcoming OpenSSL 0.9.8l release, and fixes a variety of bugs.
It can be downloaded at https://www.torproject.org/download.html.en
Major features:
- Directory authorities can now create, vote on, and serve multiple parallel formats of directory data as part of their voting process. Partially implements Proposal 162: "Publish the consensus in multiple flavors".
- Directory authorities can now agree on and publish small summaries of router information that clients can use in place of regular server descriptors. This transition will eventually allow clients
June 2008 Progress Report
Posted July 22nd, 2008 by phobos
Torbutton 1.2.0rc1 (released June 1), the first release candidate for the next stable series of the security-enhanced Torbutton Firefox extension, features functional support for Firefox 3. However, this support has not been extensively tested. In particular, timezone masking does not work at all. The workaround is to manually set the environment variable 'TZ' to 'UTC' before starting Firefox. This works on both Linux and Windows:
http://archives.seul.org/or/talk/Jun-2008/msg00044.html
Tor 0.2.0.27-rc (released June 3) adds a few features we left out of the earlier release candidates. In particular, we now include an IP-to-country GeoIP database, so controllers can easily look up what country a given relay is in, and so bridge relays can give us some sanitized summaries about which countries are making use of bridges. (See proposal 126-geoip-fetching.txt for details.)
http://archives.seul.org/or/talk/Jun-2008/msg00055.html
Torbutton 1.2.0rc2 (released June 8) features a fix for an annoying bug on MacOS, and adds much clamored for options to start Firefox in a specific Tor state:
http://archives.seul.org/or/talk/Jun-2008/msg00103.html
Tor 0.2.0.28-rc (released June 13) fixes an anonymity-related bug, fixes a hidden-service performance bug, and fixes a bunch of smaller bugs.
http://archives.seul.org/or/talk/Jun-2008/msg00165.html
Tor 0.2.1.1-alpha (released June 13) fixes a lot of memory fragmentation problems that were making the Tor process bloat especially on Linux; makes our TLS handshake blend in better; sends "bootstrap phase" status events to the controller, so it can keep the user informed of progress (and problems) fetching directory information and establishing circuits; and adds a variety of smaller features.
http://archives.seul.org/or/talk/Jun-2008/msg00185.html
Vidalia 0.1.4 (released June 13) adds a bootstrap progress bar, UPnP support, a new set of freely licensed GUI icons, and fixes a few bugs.
The Debian OpenSSL flaw: what does it mean for Tor clients?
Posted May 13th, 2008 by arma
There have been a lot of questions today about just what the recent Debian OpenSSL flaw means for Tor clients. Here's an attempt to explain it in a bit more detail. (Go read the Tor security advisory before reading this post.)
First, let's look at the security/anonymity implications for users who aren't running on Debian, Ubuntu, or similar. These implications all stem from the fact that some of the Tor relays and v3 directory authorities have weak keys, so the Tor network isn't able to provide as much anonymity as we would like.
The biggest issue is that perhaps 300 Tor relays were running with weak keys and weak crypto, out of the roughly 1500-2000 total running relays. What can an attacker do from this? If you happen to pick three weak relays in a row for your circuit, then somebody watching your local network connection (or watching the first relay you pick) could break all the layers of Tor encryption and read the traffic as if they were watching it at the exit relay.
Security critical Tor-0.2.0.26-rc released
Posted May 13th, 2008 by phobos
Tor-0.2.0.26-rc replaces several V3 directory authority keys affected by a recent Debian OpenSSL bug.
This is a security-critical release.
Everybody running any version in the 0.2.0.x series should upgrade, whether they are running Debian or not. Also, all servers running any version of Tor whose keys were generated by Debian, Ubuntu, or any derived distribution may have to replace their identity keys. See our security advisory for full details. As always, you can find Tor 0.2.0.26-rc on the downloads page.
Changes in version 0.2.0.26-rc - 2008-05-13
Major security fixes:
- Use new V3 directory authority keys on the tor26, gabelmoo, and moria1 V3 directory authorities. The old keys were generated with a vulnerable version of Debian's OpenSSL package, and must be considered compromised. Other authorities' keys were not generated with an affected version of OpenSSL.
Major bugfixes:
- List authority signatures as "unrecognized" based on DirServer lines, not on cert cache. Bugfix on 0.2.0.x.
Minor features:
- Add a new V3AuthUseLegacyKey option to make it easier for authorities to change their identity keys if they have to.
