GitLab

Running a simple Tor relay on Debian Buster seems to report TLS 1.3 related OpenSSL internal errors. Not entirely sure how a function named tls13_hkdf_expand can fail, but I'm sure OpenSSL found a way.

Nov 26 01:07:40.000 [warn] Unhandled OpenSSL errors found at ../src/common/buffers_tls.c:65:
Nov 26 01:07:40.000 [warn] TLS error: internal error (in SSL routines:tls13_hkdf_expand:---)

FROM debian:buster
ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update && apt-get install -y apt-transport-https gnupg ca-certificates

RUN echo "deb https://deb.torproject.org/torproject.org buster main" > /etc/apt/sources.list.d/tor.list
RUN echo "deb-src https://deb.torproject.org/torproject.org buster main" >> /etc/apt/sources.list.d/tor.list

RUN gpg --no-tty --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
RUN gpg --no-tty --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

RUN apt-get update && apt-get install -y tor deb.torproject.org-keyring nyx

ADD torrc /etc/tor/torrc

RUN useradd --user-group --system --create-home tor
USER tor

RUN mkdir -p /home/tor/.tor/keys
VOLUME /home/tor/.tor

EXPOSE 9001

ENTRYPOINT ["tor"]

Nov 26 01:07:27.114 [notice] Tor 0.3.4.9 (git-de9ea9f0dfc5ecae) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1a, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.5.
Nov 26 01:07:27.114 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 26 01:07:27.115 [notice] Read configuration file "/etc/tor/torrc".
Nov 26 01:07:27.117 [notice] Based on detected system memory, MaxMemInQueues is set to 5767 MB. You can override this by setting MaxMemInQueues by hand.
Nov 26 01:07:27.118 [notice] Scheduler type KIST has been enabled.
Nov 26 01:07:27.118 [notice] Opening OR listener on 0.0.0.0:9999
Nov 26 01:07:31.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Nov 26 01:07:31.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Nov 26 01:07:31.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Nov 26 01:07:31.000 [notice] Your Tor server's identity key fingerprint is 'ToBeAnnounced 2EC042F4274CC8A54381C78E8D1BF322FA26A095'
Nov 26 01:07:31.000 [notice] Bootstrapped 0%: Starting
Nov 26 01:07:39.000 [notice] Starting with guard context "default"
Nov 26 01:07:39.000 [notice] Bootstrapped 5%: Connecting to directory server
Nov 26 01:07:39.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Nov 26 01:07:39.000 [notice] Bootstrapped 50%: Loading relay descriptors
Nov 26 01:07:40.000 [warn] Unhandled OpenSSL errors found at ../src/common/buffers_tls.c:65:
Nov 26 01:07:40.000 [warn] TLS error: internal error (in SSL routines:tls13_hkdf_expand:---)
Nov 26 01:07:40.000 [notice] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 5519/6239).
Nov 26 01:07:41.000 [notice] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 5506/6327).
Nov 26 01:07:42.000 [warn] Unhandled OpenSSL errors found at ../src/common/buffers_tls.c:65:
Nov 26 01:07:42.000 [warn] TLS error: internal error (in SSL routines:tls13_hkdf_expand:---)
Nov 26 01:07:49.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Nov 26 01:07:50.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Nov 26 01:07:50.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Nov 26 01:07:51.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Nov 26 01:07:51.000 [notice] Bootstrapped 100%: Done

Trac:
Username: filippo