[tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Feb 4 12:58:41 UTC 2016

#18221: Validate our DH parameters to prevent socat-type fails.
 Reporter:  yawning          |          Owner:
     Type:  enhancement      |         Status:  needs_review
 Priority:  Medium           |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor              |        Version:  Tor: unspecified
 Severity:  Normal           |     Resolution:
 Keywords:  tor-core crypto  |  Actual Points:
Parent ID:                   |         Points:
  Sponsor:                   |

Comment (by yawning):

 Replying to [comment:6 bugzilla]:
 > It's a simple "check for fools". Not interesting. Can you specify
 ">=2048 bit" requirement for DH and prevent fallbacks, like Mozilla
 export-grade epic fail?

 Duh? It's a trivial check to prevent really silly mistakes, as a defense
 in depth measure.  It's not intended to be interesting.

 As to your question, "Not completely, no".

 There's 2 places in Tor that currently use non-elliptic curve DH:

  * The old TAP handshake (superceded by ntor, except for the current HSes)
 which is hardcoded to use 1024 bit DH.  Changing this breaks backwards
 compatibility and will break hidden services.  This use case is on the way
 out due to ntor and the prop 224 work.
  * TLS when one party does not support modern suites (ECDHE is
 prioritized).  This also is less and less likely as time goes on due to
 ECDHE support in 0.2.7.x and later being required.

 I wouldn't object to changing the TLS DH parameters to a 2048 bit group,
 but that's not all that interesting when the correct solution is "Use

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18221#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list