Re: [tor-bugs] #13815 [Tor]: Attempt to port tor to Google's BoringSSL



#13815: Attempt to port tor to Google's BoringSSL
-----------------------------+--------------------------------
     Reporter:  teor         |      Owner:
         Type:  enhancement  |     Status:  assigned
     Priority:  normal       |  Milestone:  Tor: 0.2.8.x-final
    Component:  Tor          |    Version:  Tor: 0.2.6.1-alpha
   Resolution:               |   Keywords:  lorax tor-relay
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------

Comment (by nickm):

 Note:

 In a message (relayed here with permission), David Benjamin (BoringSSL
 hacker) informed me of a few things we should keep in mind if we tread
 this route:

   * BoringSSL isn't meant to maintain OpenSSL compatibility, and might not
 be the library for us.
   * Neither SSL_renegotiate nor SSL_set_session_secret_cb will actually
 work here.
   * In place of the get_cipher_by_char craziness we could instead do
 SSL_get_cipher_by_value.
   * This seriously might not be the right library for the degree of
 shenanigans that Tor has tended to pull with the guts of the TLS
 implementation.

 Together this would imply that BoringSSL compatibility simply can't happen
 until we drop the v2 version of our TLS handshake.  And that we should
 probably consider the stuff we want to use BoringSSL for "supported by
 accident, at best."

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13815#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs