author Nick Mathewson <nickm@torproject.org> 2012-10-17 19:57:27 -0400
committer Nick Mathewson <nickm@torproject.org> 2012-10-19 00:54:51 -0400
commit 8743080a289a20bfaf0a67d6382ba0c2a6d6534d
tree 257742806535d5dd9bce61c14ce56d457af1af10 /src/common
parent 84f47ffc462dface8db1def322414daa43400d1c
Disable TLS Session Tickets, which we were apparently getting for free

OpenSSL 1.0.0 added an implementation of TLS session tickets, a "feature" that let session resumption occur without server-side state by giving clients an encrypted "ticket" that the client could present later to get the session going again with the same keys as before. OpenSSL was giving the keys to decrypt these tickets the lifetime of the SSL contexts, which would have been terrible for PFS if we had long-lived SSL contexts. Fortunately, we don't. Still, it's pretty bad. We should also drop these, since our use of the extension stands out with our non-use of session caching.

Found by nextgens. Bugfix on all versions of Tor when built with openssl 1.0.0 or later. Fixes bug 7139.
Diffstat (limited to 'src/common')
-rw-r--r-- src/common/tortls.c 8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index c6316120f9..fc0bcb9524 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -804,6 +804,14 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
#ifdef SSL_OP_NO_TLSv1_1
SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
#endif
+ /* Disable TLS tickets if they're supported. We never want to use them;
+ * using them can make our perfect forward secrecy a little worse, *and*
+ * create an opportunity to fingerprint us (since it's unusual to use them
+ * with TLS sessions turned off).
+ */
+#ifdef SSL_OP_NO_TICKET
+ SSL_CTX_set_options(result->ctx, SSL_OP_NO_TICKET);
+#endif
if (
#ifdef DISABLE_SSL3_HANDSHAKE
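Review bot: the new comment above `#ifdef SSL_OP_NO_TICKET` says tickets make forward secrecy "a little worse" but does not give the reason the commit message does, namely that the ticket decryption keys live as long as the SSL context. Suggest stating that in the comment and citing bug 7139, so a later reader does not drop the option as harmless. The guard is also compile-time only: when `SSL_OP_NO_TICKET` is not defined the block compiles to nothing with no trace, so an `#else` branch with a short comment or a debug-level log would make it visible that tickets were left at the library default.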