Advisory: remote DoS when using Tor with recent OpenSSL versions built with the "no-ssl3" option

This is a copy of the message Nick Mathewson sent to the tor-talk & tor-relays mailing lists.

Hello, relay operators!

There's one important bugfix in the release that relay operators should know about. If you have a version of OpenSSL that came out last week (like 1.0.1j, 1.0.0, ) and if your version of OpenSSL is built with the "no-ssl3" flag, then it's possible to crash your Tor relay remotely if you don't upgrade to or to (when that's out).

This appears to be an OpenSSL bug. The Tor releases in question contain a workaround for it.

To tell if your version of OpenSSL was built with 'no-ssl3': run:

    openssl s_client -ssl3 -connect

If it gives you output beginning with something like:

    CONNECTED(00000003)
    140632971298688:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
    alert handshake failure:s3_pkt.c:1257:SSL alert number 40
    140632971298688:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl
    handshake failure:s3_pkt.c:596:

then you're fine and you don't need to upgrade Tor on your relay. But if it says something that starts with:

    unknown option -ssl3
    usage: s_client args

then you need to upgrade Tor.

Some questions and answers:

Q: Does this affect clients?
A: No. Only relays.

Q: Does this affect me if I'm running a version of OpenSSL other than 1.0.1j, 1.0.0o, or 0.9.8zc?
A: No. Only those versions.

Q: Does this affect me if I'm running a version of OpenSSL configured without the "no-ssl3" option?
A: No. Only versions that were built with the "no-ssl3" option are affected.

Q: Does the OpenSSL team know?
A: Yes. Have a look at this thread. Also, before I saw that thread, I informed them the other day.

Q: Does this affect Tor packages?
A: I don't think that we shipped any packages where we used the "no-ssl3" flag to disable ssl3. So only if you're using OpenSSL from another source (say, your operating system) will you be affected.

Q: What can I do to remediate this problem?
A: You can upgrade to the most recent Tor, or you can use a version of OpenSSL built without the "no-ssl3" flag. Downgrading your OpenSSL is not recommended.

Q: What is the potential impact of this bug?
A: If a relay is affected by this bug, anybody can make the relay crash remotely. It does not enable any data leaks or remote code execution. Still, the ability to selectively disable relays might enable a sophisticated attacker to do some kinds of traffic analysis more efficiently. So, fix your relay if it's affected.

Q: Should we run in circles and freak out?
A: Not this time. We should just make sure we fix affected relays.

Q: Hey, Nick, you didn't explain this properly!
A: Please send a follow-up message that explains it better. :)
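
The check described in the message, combined with the version list from its Q&A, can be scripted for a fleet of relays. The following is an added example, not code from the advisory or from the Tor Project; the function names, the "-fips" suffix handling and the sample inputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a relay host from `openssl version` output and the
# output of `openssl s_client -ssl3`. Inputs are plain strings so the logic can
# be exercised without an affected OpenSSL build installed.

# Succeeds if the `openssl version` line names a release the advisory lists.
is_listed_version() {
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    ver=${ver%-fips}                 # assumption: ignore a "-fips" build suffix
    case "$ver" in
        1.0.1j|1.0.0o|0.9.8zc) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if s_client rejected -ssl3, i.e. the build used "no-ssl3".
built_with_no_ssl3() {
    case "$1" in
        "unknown option -ssl3"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one of: affected | unaffected-version | unaffected-ssl3-enabled
classify_relay() {
    if ! is_listed_version "$1"; then
        echo "unaffected-version"
    elif built_with_no_ssl3 "$2"; then
        echo "affected"              # upgrade Tor, per the advisory
    else
        echo "unaffected-ssl3-enabled"
    fi
}

# Hypothetical helper: gather both inputs from the local openssl binary.
# Assumption: a rejected -ssl3 is reported during argument parsing, so no
# -connect target is needed to observe the "unknown option" case.
check_local() {
    v=$(openssl version 2>/dev/null) || { echo "openssl not found" >&2; return 2; }
    o=$(openssl s_client -ssl3 </dev/null 2>&1) || true
    classify_relay "$v" "$o"
}

# Constructed sample inputs (not captured from a real host).
classify_relay "OpenSSL 1.0.1j 15 Oct 2014" "unknown option -ssl3
usage: s_client args"
```

Run `check_local` on the relay host itself; a result of `affected` means the relay needs the Tor upgrade the advisory describes.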