[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #11500 [Tor]: tor_tls_classify_client_ciphers() returns CIPHERS_UNRESTRICTED even if client sent old V2 cipher list and don't support all ciphers
#11500: tor_tls_classify_client_ciphers() returns CIPHERS_UNRESTRICTED even if
client sent old V2 cipher list and don't support all ciphers
-------------------------+------------------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Keywords: tor-relay | Actual Points:
Parent ID: | Points:
-------------------------+------------------------------------
tor_tls_classify_client_ciphers() returns CIPHERS_UNRESTRICTED even if
CIPHERS_V2 should be returned.
After prune v2_cipher_list to remove the ciphers server side don't
recognize it will remove at least `0xfeff` that is
SSL3_TXT_RSA_FIPS_WITH_3DES_EDE_CBC_SHA.
So v2_cipher_list ends:
...
0xc003, /* TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA */
0x000a, /* SSL3_TXT_RSA_DES_192_CBC3_SHA */
While peer sent cipher list that ends:
...
0xc003, /* TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA */
0xfeff, /* SSL3_TXT_RSA_FIPS_WITH_3DES_EDE_CBC_SHA */
0x000a, /* SSL3_TXT_RSA_DES_192_CBC3_SHA */
{{{
const uint16_t *v2_cipher = v2_cipher_list;
for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) {
SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i);
uint16_t id = cipher->id & 0xffff;
if (id == 0x00ff) /* extended renegotiation indicator. */
continue;
if (!id || id != *v2_cipher) {
res = CIPHERS_UNRESTRICTED;
goto dump_ciphers;
}}}
Then 0xfeff (from peer_ciphers) != 0x000a (from pruned list)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11500>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs