Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3

2 files changed, 17 insertions, 0 deletions

diff --git a/changes/bug7139 b/changes/bug7139
new file mode 100644
index 0000000000..dfb7d32838
--- /dev/null
+++ b/changes/bug7139
@@ -0,0 +1,9 @@
+  o Major bugfixes (security):
+
+    - Disable TLS session tickets.  OpenSSL's implementation were giving
+      our TLS session keys the lifetime of our TLS context objects, when
+      perfect forward secrecy would want us to discard anything that
+      could decrypt a link connection as soon as the link connection was
+      closed.  Fixes bug 7139; bugfix on all versions of Tor linked
+      against OpenSSL 1.0.0 or later. Found by "nextgens".
+
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 53bcc98919..bec2c71232 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1195,6 +1195,14 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 #ifdef SSL_OP_NO_TLSv1_1
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
 #endif
+  /* Disable TLS tickets if they're supported.  We never want to use them;
+   * using them can make our perfect forward secrecy a little worse, *and*
+   * create an opportunity to fingerprint us (since it's unusual to use them
+   * with TLS sessions turned off).
+   */
+#ifdef SSL_OP_NO_TICKET
+  SSL_CTX_set_options(result->ctx, SSL_OP_NO_TICKET);
+#endif
 
   if (
 #ifdef DISABLE_SSL3_HANDSHAKE