authorNick Mathewson <nickm@torproject.org>2019-03-29 13:38:48 -0400
committerteor <teor@torproject.org>2019-04-06 11:06:34 +1000
commit5cb94cbf9d89804ea37a2f1e68d354a86edb223e (patch)
tree68a136432f97025a6bee3fd382bedfc66b460fec /src
parent680fd3f8fb7157432398a3552ee9c98c72bd7397 (diff)
downloadtor-5cb94cbf9d89804ea37a2f1e68d354a86edb223e.tar.gz
tor-5cb94cbf9d89804ea37a2f1e68d354a86edb223e.zip
NSS: disable TLS1.2 SHA-384 ciphersuites.
In current NSS versions, these ciphersuites don't work with SSL_ExportKeyingMaterial(), which was causing relays to fail when they tried to negotiate the v3 link protocol authentication. Fixes bug 29241; bugfix on 0.4.0.1-alpha.
Diffstat (limited to 'src')
-rw-r--r--src/lib/tls/tortls_nss.c32
1 files changed, 32 insertions, 0 deletions
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index 4e107fae7b..3c62e98df1 100644
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -152,6 +152,32 @@ we_like_auth_type(SSLAuthType at)
}
}
+/**
+ * Return true iff this ciphersuite will be hit by a mozilla bug 1312976,
+ * which makes TLS key exporters not work with TLS 1.2 non-SHA256
+ * ciphersuites.
+ **/
+static bool
+ciphersuite_has_nss_export_bug(const SSLCipherSuiteInfo *info)
+{
+ /* For more information on the bug, see
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1312976 */
+
+ /* This bug only exists in TLS 1.2. */
+ if (info->authType == ssl_auth_tls13_any)
+ return false;
+
+ /* Sadly, there's no way to get this information from the
+ * CipherSuiteInfo object itself other than by looking at the
+ * name. */
+ if (strstr(info->cipherSuiteName, "_SHA384") ||
+ strstr(info->cipherSuiteName, "_SHA512")) {
+ return true;
+ }
+
+ return false;
+}
+
tor_tls_context_t *
tor_tls_context_new(crypto_pk_t *identity,
unsigned int key_lifetime, unsigned flags, int is_client)
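Review bot: The header comment on ciphersuite_has_nss_export_bug says the exporter bug hits "TLS 1.2 non-SHA256 ciphersuites", but the body only matches names containing `_SHA384` or `_SHA512`, and the early return on `ssl_auth_tls13_any` never says why it is needed: TLS 1.3 suite names such as TLS_AES_256_GCM_SHA384 carry the same suffix but are not affected, so without that guard they would be disabled too. I would change the comment at the authType check to `/* This bug only exists in TLS 1.2; TLS 1.3 suites (e.g. TLS_AES_256_GCM_SHA384) share the _SHA384 suffix but are unaffected, so skip them here. */`. Because the classification is name-based, a future NSS rename would silently re-enable an affected suite and relays would again fail v3 link authentication as the commit message describes, so a sentence in the header comment pointing at that failure mode, and at re-checking once mozilla bug 1312976 is fixed, would help the next maintainer. The two strstr calls assume cipherSuiteName is never NULL; that appears to hold for NSS's suite table but is not checked here.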
@@ -256,6 +282,12 @@ tor_tls_context_new(crypto_pk_t *identity,
!we_like_mac_algorithm(info.macAlgorithm) ||
!we_like_auth_type(info.authType)/* Requires NSS 3.24 */;
+ if (ciphersuite_has_nss_export_bug(&info)) {
+ /* SSL_ExportKeyingMaterial will fail; we can't use this cipher.
+ */
+ disable = 1;
+ }
+
s = SSL_CipherPrefSet(ctx->ctx, ciphers[i],
disable ? PR_FALSE : PR_TRUE);
if (s != SECSuccess)
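Review bot: The new block overwrites `disable` after the `||` chain on the preceding lines has already decided it, so there are now two places that determine whether a suite is turned off; folding the predicate into that chain keeps one source of truth, e.g. `!we_like_auth_type(info.authType) || /* Requires NSS 3.24 */` followed by `ciphersuite_has_nss_export_bug(&info); /* SSL_ExportKeyingMaterial would fail */`. Nothing is logged when a suite is dropped for this reason, so an operator debugging a failed link handshake cannot see from the logs that the exporter workaround removed it; a debug-level log naming info.cipherSuiteName at that point would make the workaround observable without changing behaviour. Both tor_tls_context_new and the `disable` assignment begin outside the hunk.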