#24978: Tor doesn't work when built with (unreleased) OpenSSL 1.1.1 built with enable-tls1_3 -------------------------+------------------------------------------------- Reporter: nickm | Owner: nickm Type: defect | Status: assigned Priority: Medium | Milestone: Tor: 0.3.3.x-final Component: Core | Version: Tor/Tor | Keywords: 029-backport 031-backport Severity: Normal | 032-backport openssl Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | -------------------------+------------------------------------------------- From https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/ :
>If you explicitly configure your ciphersuites then care should be taken to ensure that you are not inadvertently excluding all TLSv1.3 compatible ciphersuites. If a client has TLSv1.3 enabled but no TLSv1.3 ciphersuites configured then it will immediately fail (even if the server does not support TLSv1.3) with an error message That's the situation we're in now. When OpenSSL 1.1.1 releases in April, current Tor versions just won't work with it at all, since they have neither disabled TLS1.3 nor enabled any TLS1.3 ciphers. We have two options for fixing this: I'll implement both and we can see what we like. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24978> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs