[tor-bugs] #8443 [Tor]: SSL handshake filtered when MAX_SSL_KEY_LIFETIME_ADVERTISED is 365 days

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 9 21:22:14 UTC 2013


#8443: SSL handshake filtered when MAX_SSL_KEY_LIFETIME_ADVERTISED is 365 days
------------------------+---------------------------------------------------
 Reporter:  arma        |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor         |        Version:                    
 Keywords:  tor-bridge  |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
 I spent some time this afternoon with cda, doing Tor handshakes from
 inside Iran. The handshake completed, but then the TCP connection got cut,
 when the SSL cert had a lifetime of 365 days.

 When I changed the 365 to 65 in or.h, on the bridge, the TCP connection
 survived.

 (But that wasn't sufficient, since for some reason the directory request
 wasn't getting through, or the response wasn't getting through.)

 In any case, we should take steps to randomize our SSL link cert lifetime.

 This is the follow-on ticket to #4014 (which we knew we'd need to do one
 day, and this is the day).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8443>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
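
An added example, not code from the ticket or from Tor: one way to pick a randomized certificate validity window instead of a fixed 365-day one. The 5-day lower bound, the 2-day minimum remaining validity, the backdating of not_before, and the names rand_below and pick_validity are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define DAY 86400L
#define MIN_LIFETIME_DAYS 5   /* assumption of this example, not from the ticket */
#define MAX_LIFETIME_DAYS 365 /* the fixed lifetime the ticket reports as filtered */
#define MIN_REMAINING_DAYS 2  /* assumption: never hand out a nearly expired cert */

struct validity { time_t not_before, not_after; };

/* Uniform integer in [0, n) from /dev/urandom; rejection sampling avoids
 * modulo bias. Returns -1 if n is 0 or the random source cannot be read. */
static long rand_below(uint32_t n)
{
    FILE *f = n ? fopen("/dev/urandom", "rb") : NULL;
    uint32_t r, limit;
    if (!f) return -1;
    limit = UINT32_MAX - (UINT32_MAX % n); /* largest multiple of n that fits */
    do {
        if (fread(&r, sizeof r, 1, f) != 1) { fclose(f); return -1; }
    } while (r >= limit);
    fclose(f);
    return (long)(r % n);
}

/* Choose a validity window around `now`: a whole number of days between the
 * two bounds, backdated by a random amount so not_before is not the time of
 * generation. Returns 0 on success, -1 on failure. */
int pick_validity(time_t now, struct validity *v)
{
    long days = rand_below(MAX_LIFETIME_DAYS - MIN_LIFETIME_DAYS + 1);
    long lifetime, elapsed;
    if (days < 0) return -1;
    lifetime = (days + MIN_LIFETIME_DAYS) * DAY;
    elapsed = rand_below((uint32_t)(lifetime - MIN_REMAINING_DAYS * DAY));
    if (elapsed < 0) return -1;
    v->not_before = now - elapsed;
    v->not_after = v->not_before + lifetime;
    return 0;
}

int main(void)
{
    struct validity v;
    if (pick_validity(time(NULL), &v) != 0) return 1;
    printf("lifetime: %ld days\n", (long)((v.not_after - v.not_before) / DAY));
    return 0;
}
```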

