[tor-bugs] #8443 [Tor]: SSL handshake filtered when MAX_SSL_KEY_LIFETIME_ADVERTISED is 365 days

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#8443: SSL handshake filtered when MAX_SSL_KEY_LIFETIME_ADVERTISED is 365 days
------------------------+---------------------------------------------------
 Reporter:  arma        |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor         |        Version:                    
 Keywords:  tor-bridge  |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
 I spent some time this afternoon with cda, doing Tor handshakes from
 inside Iran. The handshake completed, but then the TCP connection got cut,
 when the SSL cert had a lifetime of 365 days.

 When I changed the 365 to 65 in or.h, on the bridge, the TCP connection
 survived.

 (But that wasn't sufficient, since for some reason the directory request
 wasn't getting through, or the response wasn't getting through.)

 In any case, we should take steps to randomize our SSL link cert lifetime.

 This is the follow-on ticket to #4014 (which we knew we'd need to do one
 day, and this is the day).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8443>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs