Page MenuHomePhabricator

torproject.org tlsv1.0 downgrade regressino breaks tb-updater breaks building Whonix
Closed, ResolvedPublic

Description

torproject.org SSL changes break tb-updater breaks Whonix build process.

https://trac.torproject.org/projects/tor/ticket/25426

https://forums.whonix.org/t/failure-to-download-tor-browser-ssl-fail

Downgrading from curl --tlsv1.2 to --tlsv1.0 seems weird.

What do we do? Download from torproject onion by default? That however would make building Whonix without being behing Tor fail since it couldn't connect to onions by default.

These users we would recommend to build using --tb none for "not install Tor Browser". Hopefully --tb none is even working. Not easy to propagate variable all the way down to tb-updater.

Details

Impact
High

Event Timeline

Patrick created this task.Mar 6 2018, 12:48 AM
Patrick triaged this task as Unbreak Now! priority.
iry added a subscriber: iry.Mar 21 2018, 9:37 PM
iry added a comment.Mar 21 2018, 9:41 PM

The ticket can be closed now since TPO has fixed the problem. (I do not have the permission to close it.)

Related ticket:
https://trac.torproject.org/projects/tor/ticket/25354

SSL status of www.torproject.org:
https://www.ssllabs.com/ssltest/analyze.html?d=www.torproject.org

Patrick closed this task as Resolved.Mar 23 2018, 3:41 PM
Patrick claimed this task.

Thanks! :)