commit a7bd3d31373e1dd14eb67166ef4e1829efc904de Author: Mike Perry mikeperry-git@torproject.org Date: Tue Sep 17 14:55:09 2013 -0700

Disable timestamps in TLS handshake.

Only useful for linkability anyway. --- security/nss/lib/ssl/ssl3con.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index bc63013..6633006 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -781,16 +781,10 @@ ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion, static SECStatus ssl3_GetNewRandom(SSL3Random *random) { - PRUint32 gmt = ssl_Time(); SECStatus rv;

- random->rand[0] = (unsigned char)(gmt >> 24); - random->rand[1] = (unsigned char)(gmt >> 16); - random->rand[2] = (unsigned char)(gmt >> 8); - random->rand[3] = (unsigned char)(gmt); - - /* first 4 bytes are reserverd for time */ - rv = PK11_GenerateRandom(&random->rand[4], SSL3_RANDOM_LENGTH - 4); + /* Timestamps? We don't need no stinking timestamps. */ + rv = PK11_GenerateRandom(random->rand, SSL3_RANDOM_LENGTH); if (rv != SECSuccess) { ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE); }