Closed (moved)
Opened Nov 26, 2018 by Trac@tracbot

TLS internal error running Tor 0.3.4.9 on Debian Buster (OpenSSL 1.1.1a)

Running a simple Tor relay on Debian Buster seems to report TLS 1.3 related OpenSSL internal errors. Not entirely sure how a function named tls13_hkdf_expand can fail, but I'm sure OpenSSL found a way.

Nov 26 01:07:40.000 [warn] Unhandled OpenSSL errors found at ../src/common/buffers_tls.c:65:
Nov 26 01:07:40.000 [warn] TLS error: internal error (in SSL routines:tls13_hkdf_expand:---)

FROM debian:buster
ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update && apt-get install -y apt-transport-https gnupg ca-certificates

RUN echo "deb https://deb.torproject.org/torproject.org buster main" > /etc/apt/sources.list.d/tor.list
RUN echo "deb-src https://deb.torproject.org/torproject.org buster main" >> /etc/apt/sources.list.d/tor.list

RUN gpg --no-tty --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
RUN gpg --no-tty --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

RUN apt-get update && apt-get install -y tor deb.torproject.org-keyring nyx

ADD torrc /etc/tor/torrc

RUN useradd --user-group --system --create-home tor
USER tor

RUN mkdir -p /home/tor/.tor/keys
VOLUME /home/tor/.tor

EXPOSE 9001

ENTRYPOINT ["tor"]

Nov 26 01:07:27.114 [notice] Tor 0.3.4.9 (git-de9ea9f0dfc5ecae) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1a, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.5.
Nov 26 01:07:27.114 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 26 01:07:27.115 [notice] Read configuration file "/etc/tor/torrc".
Nov 26 01:07:27.117 [notice] Based on detected system memory, MaxMemInQueues is set to 5767 MB. You can override this by setting MaxMemInQueues by hand.
Nov 26 01:07:27.118 [notice] Scheduler type KIST has been enabled.
Nov 26 01:07:27.118 [notice] Opening OR listener on 0.0.0.0:9999
Nov 26 01:07:31.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Nov 26 01:07:31.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Nov 26 01:07:31.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Nov 26 01:07:31.000 [notice] Your Tor server's identity key fingerprint is 'ToBeAnnounced 2EC042F4274CC8A54381C78E8D1BF322FA26A095'
Nov 26 01:07:31.000 [notice] Bootstrapped 0%: Starting
Nov 26 01:07:39.000 [notice] Starting with guard context "default"
Nov 26 01:07:39.000 [notice] Bootstrapped 5%: Connecting to directory server
Nov 26 01:07:39.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Nov 26 01:07:39.000 [notice] Bootstrapped 50%: Loading relay descriptors
Nov 26 01:07:40.000 [warn] Unhandled OpenSSL errors found at ../src/common/buffers_tls.c:65:
Nov 26 01:07:40.000 [warn] TLS error: internal error (in SSL routines:tls13_hkdf_expand:---)
Nov 26 01:07:40.000 [notice] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 5519/6239).
Nov 26 01:07:41.000 [notice] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 5506/6327).
Nov 26 01:07:42.000 [warn] Unhandled OpenSSL errors found at ../src/common/buffers_tls.c:65:
Nov 26 01:07:42.000 [warn] TLS error: internal error (in SSL routines:tls13_hkdf_expand:---)
Nov 26 01:07:49.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Nov 26 01:07:50.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Nov 26 01:07:50.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Nov 26 01:07:51.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Nov 26 01:07:51.000 [notice] Bootstrapped 100%: Done

Trac:
Username: filippo

Milestone
Tor: 0.4.0.x-final
Reference: legacy/trac#28616