[tor-bugs] #6465 [Tor Relay]: Build abstraction layer around TLS
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Sep 19 19:05:30 UTC 2012
#6465: Build abstraction layer around TLS
-----------------------+----------------------------------------------------
Reporter: andrea | Owner: andrea
Type: project | Status: needs_review
Priority: major | Milestone: Tor: 0.2.4.x-final
Component: Tor Relay | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by nickm):
Replying to [comment:35 andrea]:
> Responses to part 4 (points in potential need of further discussion):
>
> > The removal of stats_n_vpadding_cells_processed and
> > stats_n_padding_cells_processed is a little worrisome; those cell types are
> > still real, generic cell types. Must investigate to make sure they're still
> > handled right. I think these probably need to go back in command.c
>
> Those ended up in channeltls.c; those are generic enough we should have them in
> command.c, you think?

I think so. By the specification, padding cells are part of the Tor protocol.

> > Oh, a subtle point I should have added to the list of stuff I worry about:
> > I worry about making sure that there can be no data on the TLS connection
> > before the handshake, and no data on the TLS connection before the VERSIONS
> > cell. If anything gets sent first, the connection needs to close.
>
> See channel_tls_handle_cell() in channeltls.c; we set handshaking =
> (TO_CONN(conn)->state != OR_CONN_STATE_OPEN), which was the same test
> used in the old command_process_cell(), and then if we see anything other
> than NETINFO or VERSIONS with that true we kill the connection.

OK. There also used to be a DoS issue where you could send a bunch of
data to bloat a server's buffers and get it ignored while the server was
waiting for a v2 TLS handshake. But it's unlikely we reintroduced that
and kept the v3 handshake working too.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6465#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
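
The pre-open gate and the padding counter discussed in this comment, as an added example that is not part of the ticket and is not Tor's code: a simplified model of a link that closes on any fixed-length cell other than VERSIONS or NETINFO before it is open, and counts padding in the generic layer. All names are hypothetical; the byte budget and the rejection of a repeated VERSIONS cell are assumptions of this model, and the command numbers follow tor-spec.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not Tor's channeltls.c. */
enum { CELL_PADDING = 0, CELL_RELAY = 3, CELL_VERSIONS = 7, CELL_NETINFO = 8 };
enum link_state { LINK_HANDSHAKING, LINK_OPEN, LINK_CLOSED };
#define PRE_OPEN_BYTE_BUDGET 2048u /* assumed cap on data accepted before OPEN */

struct link {
    enum link_state state;
    int saw_versions;
    size_t pre_open_bytes;         /* bytes received while still handshaking */
    unsigned long n_padding_cells; /* generic counter, not tied to the TLS layer */
};

static int link_close(struct link *l) { l->state = LINK_CLOSED; return 0; }

/* Returns 1 if the cell was accepted, 0 if the link is (now) closed. */
int link_handle_cell(struct link *l, uint8_t command, size_t wire_len)
{
    if (l->state == LINK_CLOSED) return 0;
    int handshaking = (l->state != LINK_OPEN); /* same shape as the quoted test */
    if (handshaking) {
        l->pre_open_bytes += wire_len;
        if (l->pre_open_bytes > PRE_OPEN_BYTE_BUDGET) return link_close(l);
        if (command != CELL_VERSIONS && command != CELL_NETINFO) return link_close(l);
        if (command == CELL_VERSIONS) {
            if (l->saw_versions) return link_close(l); /* assumption: repeat is an error */
            l->saw_versions = 1;
            return 1;
        }
        if (!l->saw_versions) return link_close(l);    /* NETINFO before VERSIONS */
        l->state = LINK_OPEN;
        return 1;
    }
    if (command == CELL_PADDING) l->n_padding_cells++; /* dropped, but still counted */
    return 1;
}

int main(void)
{
    /* Constructed input: a well-behaved peer's first four cells, 512 bytes each. */
    const uint8_t cells[] = { CELL_VERSIONS, CELL_NETINFO, CELL_PADDING, CELL_RELAY };
    struct link l = { LINK_HANDSHAKING, 0, 0, 0 };
    for (size_t i = 0; i < sizeof cells; i++)
        printf("cell %u -> %d\n", (unsigned)cells[i], link_handle_cell(&l, cells[i], 512));
    return 0;
}
```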