author | Roger Dingledine <arma@torproject.org> | 2013-03-09 17:16:11 -0500 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2013-03-10 23:38:18 -0400 |
commit | edd6f02273c58bfe39a978dd5c7b8765aae0b886 (patch) | |
tree | 967a5600dee954b899cb7e34da8467f1a0e425c3 | |
parent | 599aeef9bc9e707ec7146da79b2018bf2f2924b3 (diff) | |
randomize SSLKeyLifetime by default
resolves ticket 8443.
-rw-r--r-- | changes/ticket8443 | 4 | ||||
-rw-r--r-- | doc/tor.1.txt | 9 | ||||
-rw-r--r-- | src/or/config.c | 2 | ||||
-rw-r--r-- | src/or/or.h | 3 | ||||
-rw-r--r-- | src/or/router.c | 4 |
5 files changed, 18 insertions, 4 deletions
diff --git a/changes/ticket8443 b/changes/ticket8443
new file mode 100644
index 0000000000..ca6fb2f471
--- /dev/null
+++ b/changes/ticket8443
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Randomize the lifetime of our SSL link certificate, so censors can't
+ use the static value for filtering Tor flows. Resolves ticket 8443;
+ related to ticket 4014 which was included in 0.2.2.33.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 75bca79378..505a0834b5 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1500,8 +1500,13 @@ is non-zero):
 **ShutdownWaitLength** __NUM__::
 When we get a SIGINT and we're a server, we begin shutting down: we close listeners and start refusing new circuits. After **NUM**
- seconds, we exit. If we get a second SIGINT, we exit immedi-
- ately. (Default: 30 seconds)
+ seconds, we exit. If we get a second SIGINT, we exit immediately.
+ (Default: 30 seconds)
+
+**SSLKeyLifetime** __N__ **minutes**|**hours**|**days**|**weeks**::
+ When creating a link certificate for our outermost SSL handshake,
+ set its lifetime to this amount of time. If set to 0, Tor will choose
+ some reasonable random defaults. (Default: 0)
 **HeartbeatPeriod** __N__ **minutes**|**hours**|**days**|**weeks**::
 Log a heartbeat message every **HeartbeatPeriod** seconds. This is
diff --git a/src/or/config.c b/src/or/config.c
index b7613bdf92..15138f9d7b 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -380,7 +380,7 @@ static config_var_t option_vars_[] = {
 V(SocksPolicy, LINELIST, NULL),
 VPORT(SocksPort, LINELIST, NULL),
 V(SocksTimeout, INTERVAL, "2 minutes"),
- V(SSLKeyLifetime, INTERVAL, "365 days"),
+ V(SSLKeyLifetime, INTERVAL, "0"),
 OBSOLETE("StatusFetchPeriod"),
 V(StrictNodes, BOOL, "0"),
 OBSOLETE("SysLog"),
diff --git a/src/or/or.h b/src/or/or.h
index a71468c1c6..c7d259853b 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4008,7 +4008,8 @@ typedef struct {
 */
 int DisableV2DirectoryInfo_;
- /** What expiry time shall we place on our SSL certs? */
+ /** What expiry time shall we place on our SSL certs? "0" means we
+ * should guess a suitable value. */
 int SSLKeyLifetime;
 } or_options_t;
diff --git a/src/or/router.c b/src/or/router.c
index c9c35f6132..211366351b 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -659,6 +659,10 @@ router_initialize_tls_context(void)
 else if (!strcasecmp(options->TLSECGroup, "P224"))
 flags |= TOR_TLS_CTX_USE_ECDHE_P224;
 }
+ if (!lifetime) { /* we should guess a good ssl cert lifetime */
+ /* choose between 1 and 365 days */
+ lifetime = 1*24*3600 + crypto_rand_int(364*24*3600);
+ }
 /* It's ok to pass lifetime in as an unsigned int, since
 * config_parse_interval() checked it. */ |
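Review bot: The rewritten comment on `SSLKeyLifetime` explains the `0` sentinel but still leaves the unit and the guessed range unstated, so a reader of or_options_t has to go to router.c to learn what the field actually controls. The router.c hunk below shows the value is in seconds and that `0` is replaced by `1*24*3600 + crypto_rand_int(364*24*3600)`, a random lifetime between one and 365 days chosen once when the TLS context is initialized; the changes file gives the reason (a fixed validity period is a static value a censor can match on). Suggested text: `/** Lifetime, in seconds, of the link certificate for our outermost TLS handshake. 0 means router_initialize_tls_context() picks a random value between one and 365 days instead, so the validity period is not a fixed fingerprint. */`. The enclosing `or_options_t` struct begins outside the hunk.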