[tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sun Nov 27 20:23:05 UTC 2011


#4587: Bugs in tor_tls_got_client_hello()
------------------------+---------------------------------------------------
 Reporter:  Sebastian   |          Owner:                    
     Type:  defect      |         Status:  needs_review      
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by nickm_mobile):

 Replying to [comment:6 asn]:
 > FML. Fuck SGC as well, for ruining my 'One ClientHello per handshake'
 mental assert.
 >
 > As a fix, going by troll's suggestion, should we add another flag to
 `tor_tls_t` saying "Next ClientHello is a new handshake request."?
 > It will be toggled ON by default, and it will get toggled OFF when we
 increase the `server_handshake_count` at `tor_tls_got_client_hello()`. It
 will be toggled ON again when we get to `SSL_ST_OK`. The
 `server_handshake_count` will only be increased if the flag is ON.
 >
 > If the `SSL_ST_OK` state only occurs at the end of an SSL handshake, we
 will only consider the first ClientHello as a handshake request, and count
 handshakes (and renegotiations) correctly. I have '''not''' checked
 OpenSSL's code to see if `SSL_ST_OK` appears only in the end of the SSL
 handshake.
 >
 > What do the OpenSSL gurus think?

 First, I'd like to know if the fix I suggested (branch bug 4587 in my
 repo) works to address the issue stars is reporting above.

 That done, I want to see if the TLS rfc actually allows multiple
 clienthellos for any purpose other than renegotiations.  If not, we should
 call >2 clienthellos forbidden anyways, and just edit the log message to
 be less dire.  IM(basically unconsidered) opinion.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4587#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
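
A minimal model of the flag scheme proposed in the quoted comment, added here as an illustration; it is not Tor's code and not the contents of the branch mentioned in the reply. The event enum and the `next_hello_is_new_handshake` field name are assumptions, and `EV_HANDSHAKE_DONE` stands in for reaching `SSL_ST_OK`.

```c
#include <stdio.h>

/* Constructed event model, not OpenSSL's API. EV_HANDSHAKE_DONE stands in
 * for the connection reaching SSL_ST_OK. */
typedef enum { EV_CLIENT_HELLO, EV_HANDSHAKE_DONE } tls_event_t;

typedef struct {
  int server_handshake_count;      /* counter named in the ticket */
  int next_hello_is_new_handshake; /* hypothetical name for the proposed flag */
} model_tls_t;

/* Flag scheme: count a ClientHello only when the flag is ON, then turn the
 * flag OFF until the handshake completes. */
static void model_feed(model_tls_t *t, tls_event_t ev) {
  if (ev == EV_HANDSHAKE_DONE) {
    t->next_hello_is_new_handshake = 1;
  } else if (t->next_hello_is_new_handshake) {
    ++t->server_handshake_count;
    t->next_hello_is_new_handshake = 0;
  }
}

/* Handshake count under the flag scheme after n events. */
int count_with_flag(const tls_event_t *evs, int n) {
  model_tls_t t = { 0, 1 }; /* flag is ON by default */
  for (int i = 0; i < n; ++i)
    model_feed(&t, evs[i]);
  return t.server_handshake_count;
}

/* Baseline: every ClientHello counts as a handshake. */
int count_every_hello(const tls_event_t *evs, int n) {
  int count = 0;
  for (int i = 0; i < n; ++i)
    count += (evs[i] == EV_CLIENT_HELLO);
  return count;
}

/* Constructed trace: two ClientHellos inside the first handshake, then one
 * renegotiation. */
static const tls_event_t TRACE[] = { EV_CLIENT_HELLO, EV_CLIENT_HELLO,
  EV_HANDSHAKE_DONE, EV_CLIENT_HELLO, EV_HANDSHAKE_DONE };
enum { TRACE_LEN = sizeof(TRACE) / sizeof(TRACE[0]) };

int main(void) {
  printf("flag scheme: %d, every hello: %d\n",
         count_with_flag(TRACE, TRACE_LEN), count_every_hello(TRACE, TRACE_LEN));
  return 0;
}
```

The model is only as accurate as its completion event: if that state could be reached before a handshake really ends, the flag would re-arm early and the count would rise, which is the question the quoted comment leaves open.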

