[tor-bugs] #4822 [Tor Client]: Avoid vulnerability CVE-2011-4576 : Disable SSL3?

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Jan 4 22:58:19 UTC 2012 

#4822: Avoid vulnerability CVE-2011-4576 : Disable SSL3?
------------------------+---------------------------------------------------
 Reporter:  nickm       |          Owner:                    
     Type:  defect      |         Status:  needs_review      
 Priority:  critical    |      Milestone:  Tor: 0.2.1.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by rransom):

 Replying to [comment:5 rransom]:
 > This needs to be tested to determine whether a server which uses
 `TLSv1_method` can receive a connection from a client which uses
 `SSLv23_method`.  (When I read the OpenSSL documentation for those, it
 sort of hinted that that would not work.)

 BZZZT!  Wrong.  The documentation (`SSL_CTX_new(3ssl)`) says quite
 explicitly that that will not work:
 {{{
        TLSv1_method(void), TLSv1_server_method(void),
        TLSv1_client_method(void)
            A TLS/SSL connection established with these methods will only
            understand the TLSv1 protocol. A client will send out TLSv1
 client
            hello messages and will indicate that it only understands
 TLSv1. A
            server will only understand TLSv1 client hello messages. This
            especially means, that it will not understand SSLv2 client
 hello
            messages which are widely used for compatibility reasons, see
            SSLv23_*_method(). It will also not understand SSLv3 client
 hello
            messages.

        SSLv23_method(void), SSLv23_server_method(void),
        SSLv23_client_method(void)
            A TLS/SSL connection established with these methods will
 understand
            the SSLv2, SSLv3, and TLSv1 protocol. A client will send out
 SSLv2
            client hello messages and will indicate that it also
 understands
            SSLv3 and TLSv1. A server will understand SSLv2, SSLv3, and
 TLSv1
            client hello messages. This is the best choice when
 compatibility
            is a concern.
 }}}

 Can we afford to throw away all relays run on RHEL/CentOS and other crap
 OSes whose OpenSSL packages lie about their versions?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4822#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list