On Thu, Apr 17, 2014 at 08:58:46PM +0200, Lars Kumbier wrote:
I'm supposedly running one of the still affected tor-relays and since my relay is also a guard, I'm in the latest blocklist[1] (pre-upgrade fingerprint). I did upgrade the system on April 9th to openssl 1.0.1-4ubuntu5.12 - base system is an ubuntu 12.04.
According to the changelog[2], this should have fixed the heartbleed issue and according to this scanner[3], it should be as well. I did create new keys anyway, but just to be sure: Is the host[4] still affected as given in the blocklist?
Best, Lars __________________________________ [1] https://atlas.torproject.org/#details/9AB511B6894566C1CF56043CE60077D213CF1A... [2] https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12 [3] https://filippo.io/Heartbleed/#tor.kumbier.it [4] tor running on 5.9.165.90:443
A router at that IP with identity 9AB511B6894566C1CF56043CE60077D213CF1A1A tested positive for Heartbleed several times, most recently at 2014-04-17 10:19:18, before testing negative at 2014-04-17 18:51:46 (all times UTC). If you rotate the key you should be fine, but that key is potentially exposed.