[tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Oct 18 10:29:58 UTC 2012
#7139: Tor involuntarily sets TLS session tickets
-----------------------------------+----------------------------------------
Reporter: nextgens | Type: defect
Status: needs_review | Priority: major
Milestone: Tor: 0.2.2.x-final | Component: Tor
Version: | Keywords: tor-relay ssl tls security pfs
Parent: | Points:
Actualpoints: |
-----------------------------------+----------------------------------------
Comment(by nextgens):
So, my point number 2 in the original report is incorrect and should read:
2) security: It has implications regarding PFS (the key material
encrypting the ticket is ephemeral but might be swapped out to disk) and
exposes more attack surface than strictly necessary (Tor doesn't use the
tickets in any case)
The PFS interval is not linked to MAX_SSL_KEY_LIFETIME_INTERNAL at all.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7139#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list