[tor-bugs] #8443 [Tor]: SSL handshake filtered when MAX_SSL_KEY_LIFETIME_ADVERTISED is 365 days
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Mar 10 16:14:28 UTC 2013
#8443: SSL handshake filtered when MAX_SSL_KEY_LIFETIME_ADVERTISED is 365 days
------------------------+---------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: needs_revision
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-bridge | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by phw):
I downloaded the EFF's SSL observatory data and calculated the certificate
life times. Here are the top 20 in ascending order:
{{{
5159 1825 days, 0:00:00
5895 790 days, 23:59:59
6552 761 days, 0:00:00
7199 366 days, 23:59:59
7569 1461 days, 23:59:59
8503 760 days, 23:59:59
9101 369 days, 23:59:59
10190 1099 days, 23:59:59
10472 425 days, 23:59:59
14865 395 days, 23:59:59
15284 1826 days, 23:59:59
19428 731 days, 0:00:00
22130 1095 days, 0:00:00
51588 1096 days, 0:00:00
65542 730 days, 0:00:00
79855 1095 days, 23:59:59
85521 730 days, 23:59:59
85526 1826 days, 0:00:00
94504 365 days, 0:00:00
157614 365 days, 23:59:59
}}}
One year seems to be the most popular life time. Simply dropping such
certificates would imply a large collateral damage, so there is probably
something else we are missing so far.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8443#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list