[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Mon, 05 Dec 2011 01:56:21 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 04 Dec 2011 20:56:32 -0500
In-reply-to: <049.9a7816ce245774c12cccb8cb396a4bd8@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.9a7816ce245774c12cccb8cb396a4bd8@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#4587: Bugs in tor_tls_got_client_hello()
---------------------------+------------------------------------------------
 Reporter:  Sebastian      |          Owner:  nickm             
     Type:  defect         |         Status:  assigned          
 Priority:  major          |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client     |        Version:                    
 Keywords:  tls handshake  |         Parent:                    
   Points:                 |   Actualpoints:                    
---------------------------+------------------------------------------------

Comment(by asn):

 I forgot to mention that if you send a ClientHello when the server expects
 a Certificate (`SSL3_ST_SR_CERT_A` or `SSL3_ST_SR_CERT_B`), the server
 will go back to SSL3_ST_SR_CLNT_HELLO_C, restart the handshake, send a
 ServerHello, a Certificate and a ServerKeyExchange. So you don't need to
 issue a renegotiation to load the server through a single TCP connection.

 This means that if we are serious about SSL DoS vectors, we must discard
 any clients doing the above. Furthermore, implementing this, immediately
 introduces a bridge fingerprint, which this time cannot simply be removed
 by disabling renegotiation/v2.

 (You can PoC this using my clienthellotest.py)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4587#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #4219 [Website]: Update docs/faq#DoesntWork
Next by Author: [tor-bugs] #4650 [Tor Client]: DisableDebuggerAttachment pretends to be disabled if you change it and hup
Previous by thread: Re: [tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()
Next by thread: Re: [tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()
Index(es):
- Author
- Thread