[tor-bugs] #7139 [Tor]: Tor involuntarily sets TLS session tickets
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Oct 18 20:09:58 UTC 2012
#7139: Tor involuntarily sets TLS session tickets
-----------------------------------+----------------------------------------
Reporter: nextgens | Type: defect
Status: needs_review | Priority: major
Milestone: Tor: 0.2.2.x-final | Component: Tor
Version: | Keywords: tor-relay ssl tls security pfs
Parent: | Points:
Actualpoints: |
-----------------------------------+----------------------------------------
Comment(by nextgens):
You're not. PFS can't be achieved if you swap to disk... regardless of
whether you use TLS session tickets or not.
Now: another amendment of what I wrote above: for the record: OpenSSL does
stores the ticket's encryption key in SSL_CTX, which in Tor's case is
renewed every MAX_SSL_KEY_LIFETIME_INTERNAL... So that's your current PFS
interval... and my initial report was accurately describing what is
happening.
The reasons to disable TLS session tickets in Tor's case are:
- Not required / used at all (waste of CPU cycles and bandwidth)
- Less attack surface exposed (hardening)
- The PFS interval is MAX_SSL_KEY_LIFETIME_INTERNAL as you use 'ephemeral
certificates' (keep in mind if you plan on increasing it)
- The cipher negotiated is irrelevant ... No one will attack DHE-RSA-
AES256-SHA if the ticket is encrypted using AES-128... so that's
yetAnotherWaste of CPU cycles
There is no direct security implication warranting an emergency release
IMHO.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7139#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list