[tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Dec 5 01:56:21 UTC 2011
#4587: Bugs in tor_tls_got_client_hello()
---------------------------+------------------------------------------------
Reporter: Sebastian | Owner: nickm
Type: defect | Status: assigned
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version:
Keywords: tls handshake | Parent:
Points: | Actualpoints:
---------------------------+------------------------------------------------
Comment(by asn):
I forgot to mention that if you send a ClientHello when the server expects
a Certificate (`SSL3_ST_SR_CERT_A` or `SSL3_ST_SR_CERT_B`), the server
will go back to SSL3_ST_SR_CLNT_HELLO_C, restart the handshake, send a
ServerHello, a Certificate and a ServerKeyExchange. So you don't need to
issue a renegotiation to load the server through a single TCP connection.
This means that if we are serious about SSL DoS vectors, we must discard
any clients doing the above. Furthermore, implementing this, immediately
introduces a bridge fingerprint, which this time cannot simply be removed
by disabling renegotiation/v2.
(You can PoC this using my clienthellotest.py)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4587#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list