[tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 4 12:58:41 UTC 2016
#18221: Validate our DH parameters to prevent socat-type fails.
-----------------------------+------------------------------------
Reporter: yawning | Owner:
Type: enhancement | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: tor-core crypto | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------+------------------------------------
Comment (by yawning):
Replying to [comment:6 bugzilla]:
> It's a simple "check for fools". Not interesting. Can you specify
">=2048 bit" requirement for DH and prevent fallbacks, like Mozilla
export-grade epic fail?
Duh? It's a trivial check to prevent really silly mistakes, as a defense
in depth measure. It's not intended to be interesting.
As to your question, "Not completely, no".
There's 2 places in Tor that currently use non-elliptic curve DH:
* The old TAP handshake (superceded by ntor, except for the current HSes)
which is hardcoded to use 1024 bit DH. Changing this breaks backwards
compatibility and will break hidden services. This use case is on the way
out due to ntor and the prop 224 work.
* TLS when one party does not support modern suites (ECDHE is
prioritized). This also is less and less likely as time goes on due to
ECDHE support in 0.2.7.x and later being required.
I wouldn't object to changing the TLS DH parameters to a 2048 bit group,
but that's not all that interesting when the correct solution is "Use
P-256".
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18221#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list