[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sun, 27 Nov 2011 20:23:05 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 27 Nov 2011 15:23:17 -0500
In-reply-to: <049.9a7816ce245774c12cccb8cb396a4bd8@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.9a7816ce245774c12cccb8cb396a4bd8@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#4587: Bugs in tor_tls_got_client_hello()
------------------------+---------------------------------------------------
 Reporter:  Sebastian   |          Owner:                    
     Type:  defect      |         Status:  needs_review      
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by nickm_mobile):

 Replying to [comment:6 asn]:
 > FML. Fuck SGC as well, for ruining my 'One ClientHello per handshake'
 mental assert.
 >
 > As a fix, going by troll's suggestion, should we add another flag to
 `tor_tls_t` saying "Next ClientHello is a new handshake request."?
 > It will be toggled ON by default, and it will get toggled OFF when we
 increase the `server_handshake_count` at `tor_tls_got_client_hello()`. It
 will be toggled ON again when we get to `SSL_ST_OK`. The
 `server_handshake_count` will only be increased if the flag is ON.
 >
 > If the `SSL_ST_OK` state only occurs at the end of an SSL handshake, we
 will only consider the first ClientHello as a handshake request, and count
 handshakes (and renegotiations) correctly. I have '''not''' checked
 OpenSSL's code to see if `SSL_ST_OK` appears only in the end of the SSL
 handshake.
 >
 > What do the OpenSSL gurus think?

 First, I'd like to know if the fix I suggested (branch bug 4587 in my
 repo) works to address the issue stars is reporting above.

 That done, I want to see if the TLS rfc actually allows multiple
 clienthellos for any purpose othef than rengeotiations.  If not, we should
 call >2 clienthellos forbidden anyways, and just edit the log message to
 be less dire.  IM(basically unconsidered) opinion.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4587#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #4588 [Tor Relay]: Tor hang on with cpu at 100%
Next by Author: Re: [tor-bugs] #3335 [Tor Hidden Services]: Remove an HS's entries in last_hid_serv_requests when a connection attempt ends
Previous by thread: Re: [tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()
Next by thread: Re: [tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()
Index(es):
- Author
- Thread