stitched aes-ni ciphers in openssl 1.0.1d seem to break SSL Handshakes/Renegotiations
running the tor daemon with static openssl 1.0.1d led to masses of
[warn] 45 connections have failed:
[warn] 32 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
[warn] 13 connections died in state renegotiating (TLS, v2 handshake) with SSL state SSLv3 read server hello A in RENEGOTIATE
while bootstrapping the node. please see attached excerpt of the debug-log.
what's odd looking to my untrained eye there is:
[debug] tor_tls_debug_state_callback(): SSL 0x7f70e1390720 is now in state before accept initialization [type=16,val=1].
[debug] tor_tls_debug_state_callback(): SSL 0x7f70e1390720 is now in state before accept initialization [type=8193,val=1].
[debug] tor_tls_debug_state_callback(): SSL 0x7f70e1390720 is now in state SSLv3 read client hello B [type=16392,val=522].
[debug] tor_tls_debug_state_callback(): SSL 0x7f70e1390720 is now in state SSLv3 read client hello B [type=8194,val=-1].
[debug] TLS error while reading with [scrubbed]: unexpected message (in SSL routines:SSL3_GET_MESSAGE:SSLv3 read client hello B)
[debug] tor_tls_read(): read returned r=-1, err=-9
[debug] connection_read_to_buf(): tls error [misc error]. breaking (nickname not set, address xx.xxx.xx.xx).
compiling tor with 1.0.0k seems to fix this.
Trac:
Username: ruebezahl