-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 6/16/2014 11:49 PM, no.thing_to-hide@cryptopathie.eu wrote:

Hello Tor!

I run an internal Tor relay on Debian Wheezy. Today the OpenSSL version was updated to 1.0.1e-2+deb7u11 . Do I need to delete the old SSL keys like after the Heartbleed bug?

Thanks and best regards

Anton

_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

No, you do not need to delete the keys and you SHOULD NOT delete those keys if not in an extreme situation.

The latest OpenSSL vulnerability was not that bad, it had a different attack vector and an attacker could not have possibly gain your onion keys, unlike in heartbleed, where an attacker could read data out of your memory and theoretically compromise your onion keys.

It's a good thing you changed keys after heartbleed, but the latest vulnerability did not have such impact so you should not do the same, otherwise you will lose your current identity (relay), flags and all history associated with it in the consensus.

Tor-relay mail list (subscribe if you are not subscribed) will always tell you what you need to do, in such events. If you need to throw away onion keys and generate new keys for an existing relay, you will be clearly notified about it, if not, it means they were not affected.

In the latest OpenSSL bug you only needed to update OpenSSL, that's all.

- -- s7r PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11 PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc