[tor-bugs] #30242 [Applications/Tor Browser]: Impossible to change circuit for a site when its SSL certificate is invalid

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 18 19:54:01 UTC 2019


#30242: Impossible to change circuit for a site when its SSL certificate is invalid
-------------------------------------+-------------------------------------
 Reporter:  pf.team                  |          Owner:  tbb-team
     Type:  defect                   |         Status:  new
 Priority:  High                     |      Component:  Applications/Tor
                                     |  Browser
  Version:                           |       Severity:  Normal
 Keywords:  ssl tbb-8.0-issues tor-  |  Actual Points:
  circuit tbb-circuit-display        |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+-------------------------------------
 When accessing a website that uses SSL and the browser raises a
 certificate error (certificate expired, doesn't match domain name, etc.),
 the user can no longer change the circuit by using the "New Circuit for
 this Site" button. Even if you press it, the browser still keeps using the
 old circuit.

 This is not just an interface error - the circuit remains unchanged. We've
 managed to reproduce this problem while dumping incoming traffic on one of
 our own services, and after the button was pressed, the requests still
 came from the same exit node.

 What is especially important is that a certificate error may arise not
 only due to actual problems with the certificate on the destination
 server, but also because the exit node is compromised and tries to conduct
 a Man-in-the-Middle attack. We observed cases when, with Tor Browser
 versions 6 and 7, the certificate error went away after changing the
 circuit, which points to the exit node itself being compromised.

 This issue does not allow the user to circumvent a potentially compromised
 exit node to exchange information safely, and forces users to either
 abandon their attempts altogether, accept the incorrect certificate and be
 compromised, or go through the process of resetting the identity (that
 still works, but any and all sessions etc. are lost, obviously).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30242>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
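
The distinction the report draws (an error that goes away on another circuit points at the exit, an error seen through every exit points at the destination server) can be written as a small classifier over certificate observations. This is an added example, not part of the ticket or of Tor Browser; the `Observation` record, the exit labels, hostnames and fingerprints are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Observation(NamedTuple):
    exit_id: str      # label for the exit relay the request left through
    host: str         # site that was contacted
    cert_sha256: str  # fingerprint of the leaf certificate that was presented
    valid: bool       # True if normal chain and hostname validation passed

def classify(observations):
    """Map each host to (verdict, suspect_exit_ids)."""
    by_host = defaultdict(list)
    for ob in observations:
        by_host[ob.host].append(ob)
    verdicts = {}
    for host, obs in by_host.items():
        bad = [ob for ob in obs if not ob.valid]
        good_certs = {ob.cert_sha256 for ob in obs if ob.valid}
        if not bad:
            verdicts[host] = ("ok", [])
        elif len({ob.exit_id for ob in obs}) < 2:
            # One exit only (the state the ticket describes): cannot tell causes apart.
            verdicts[host] = ("inconclusive", [])
        elif not good_certs:
            # Same bad certificate via every exit: the server itself is serving it.
            same = len({ob.cert_sha256 for ob in obs}) == 1
            verdicts[host] = ("server-side" if same else "inconclusive", [])
        else:
            # Some exits validate fine; exits that fail with a certificate no
            # validating exit saw are the ones to avoid and report.
            suspects = sorted({ob.exit_id for ob in bad
                               if ob.cert_sha256 not in good_certs})
            verdicts[host] = ("exit-specific" if suspects else "inconclusive",
                              suspects)
    return verdicts

# Constructed sample data: exit labels, hosts and fingerprints are made up.
SAMPLE = [
    Observation("exitA", "shop.example", "aa11", False),
    Observation("exitB", "shop.example", "bb22", True),
    Observation("exitC", "shop.example", "bb22", True),
    Observation("exitA", "old.example", "cc33", False),
    Observation("exitB", "old.example", "cc33", False),
    Observation("exitA", "stuck.example", "dd44", False),
]

if __name__ == "__main__":
    for host, (verdict, suspects) in classify(SAMPLE).items():
        print(host, verdict, suspects)
```

The `stuck.example` row is the situation the ticket leaves users in: with a single exit there is nothing to compare against, so the verdict stays inconclusive.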

