[tor-bugs] #6465 [Tor Relay]: Build abstraction layer around TLS
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Sep 19 14:02:46 UTC 2012
#6465: Build abstraction layer around TLS
-----------------------+----------------------------------------------------
Reporter: andrea | Owner: andrea
Type: project | Status: needs_review
Priority: major | Milestone: Tor: 0.2.4.x-final
Component: Tor Relay | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by nickm):
Replying to [comment:30 andrea]:
> > General stuff: I'm perpetually terrified of breaking the handshake in
a way
> > to allow us to count as authenticated, or to process cells we
shouldn't, or
> > to send data we shouldn't, without actually completing the TLS
handshake and
> > verifying the other party with the Tor handshake. I'm also perpetually
afraid
> > of breaking the v2 or v1 TLS handshakes and not noticing because I
only
> > tested master against master.
>
> Hmm, good point. Got any suggestions on how to test stuff like this?
Right now, a combination of trying with different Tor versions and Tor
versions with some of the handshakes disabled is the only way I know to to
make sure the old handshakes work. I don't know a way other than code
audit to make completely sure that we can't handle any commands without
having first authenticated; whenever it seems unclear, we could add
defensive programming to make sure that it's impossible.
We could maybe at some point hack together in the scripting language of
anybody's choice an implementation of the various handshakes, and of some
of their broken variants, as an attempt to better fuzz and test this
stuff.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6465#comment:34>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list