-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Ah, I just saw that Sina spoke to exactly this issue in your ticket #11502. I'll continue this conversation out of list with him. Peter B: > hi all, > > As I understand, there are two steps to mitigating the Heartbled > bug for Tor bridges: > > 1. Upgrade OpenSSL 2. rm -rf /var/lib/tor/keys/* and restart the > tor procses > > While the bridges on Tor Cloud (and therefore Access' Global Proxy > Cloud) are configured to automatically fetch updates, there is no > way to complete step 2 with SSH access, correct? If so, is there > any plan to deal with instances that were set up with the > vulnerable version of OpenSSL, but whoever set up the instance has > not or cannot regenerate the keys. > >
- -- Peter Bourgelais Circumvention and Network Interference Technologist Access | accessnow.org | rightscon.org PGP ID: 0x1C16F6D8 Fingerprint: EC9B 18C2 EBF4 07E0 37C6 E306 6592 DE70 1C16 F6D8 Github: https://github.com/pbourgel -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTVUixAAoJEGWS3nAcFvbYD5cP/iSgwaz4sYluNXugq2359qv1 Cn4fsUeNDA3w6RClT30r+S2hH92Tt+W0bnxBkaCnatMbjb1/F60NDf/3hBFBgpWD fBmwWHd5aebCjzmEmUB9e92JLd7NLuidI2incpRw5q8NhecVlH5QZ1XYeDdn2+rh 7bvMy1OIj/mfdsXJ6LrpfLqlap6ubiKthvP7uxc3ym87IvKX5rMrOVko0B7rXoth i1mJHMCmKAC7duim1ACZ3Jnvx1RU6kYeDXrwVmViMKKL97xTJgFAmvfH1Vqf6v2V kGv61t57XgVPpllSsD3TCNVfEymo0u0UeGEYh/uWx7lGBmJkriV0sT5RnAFoBg0o 6g8bOMwFb4kxNwCPLWau/mwXEcjE33TTZ1dY7rUSDGEqxXgQj2CkVhs8Xp6yP/22 DNCml+nd5qaciUbGHqKZzFAiFa/6OOenpZxVAtqkxniUIwtHgIzNFo683E0fyTrE uI3UpaVaEdaTITqYcVmtISvsJ7myZF9WI+BFGmZePbOXk6Uz7/w1URfVCihsJkyk yPqEEMRLbZowoOdKNufqXLeECESI0dN3J43Ch5cwJdW+5bxivNofNcxFkZz4C5TL 3Nr2RMIgLylJWsUjtDl3t25529uH6wtZdS1glFsKii+gCvhwnx9NpHDg1X5suQWS ho4Rct2UlTXSpiWkp626 =6nX6 -----END PGP SIGNATURE----- _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
