[tor-bugs] #12234 [Tor]: Add Option to ControlPort for SSL/TLS Support
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jun 8 19:03:17 UTC 2014
#12234: Add Option to ControlPort for SSL/TLS Support
-------------------------+---------------------
Reporter: blentz | Owner:
Type: enhancement | Status: new
Priority: minor | Milestone:
Component: Tor | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+---------------------
I was thinking perhaps there should be an option to wrap the ControlPort
socket in SSL. In the cases where TCP 127.0.0.1 or a Unix domain socket is
used, this is admittedly of no value.
However, anywhere a remote TCP socket is allowed to interact with the tor
ControlPort, we should probably have the option of encrypting the data
(e.g. AUTHENTICATE and anything sensitive) while in transit over the
network, where it could be subject to interception.
Interacting with the daemon could be done with openssl s_client if done by
hand. The commonly-used controlport clients would have to enhanced as well
to support use of SSL/TLS.
Without this, we'd have to stunnel or ssh tunnel this socket, implying
those facilities were available on the host and/or platform.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12234>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list