[tor-commits] [tor/maint-0.2.2] Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 support

nickm at torproject.org nickm at torproject.org
Mon Jun 4 15:36:22 UTC 2012


commit 841a8d551abd191b23ad2f78dfb07d9e4ff8ace2
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sat Jun 2 20:05:32 2012 -0400

    Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 support
    
    It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it
    decides to renegotiate, the client will send a record with version "1.0"
    rather than with the current TLS version.  This would cause the
    connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor
    handshake was in use.
    
    As a workaround, disable TLS 1.1 and TLS 1.2.  When a later version of
    OpenSSL is released, we can make this conditional on running a fixed
    version of OpenSSL.
    
    Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client
    side.  But doing it this way for now means that we not only fix TLS with
    patched clients; we also fix TLS when the server has this patch and the
    client does not.  That could be important to keep the network running
    well.
    
    Fixes bug 6033.
---
 changes/bug6033     |    6 ++++++
 src/common/tortls.c |   15 +++++++++++++++
 2 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/changes/bug6033 b/changes/bug6033
new file mode 100644
index 0000000..56cffd6
--- /dev/null
+++ b/changes/bug6033
@@ -0,0 +1,6 @@
+  o Major bugfixes:
+    - Work around a bug in OpenSSL that broke renegotiation with
+      TLS 1.1 and TLS 1.2.  Without this workaround, all attempts
+      to speak the v2 Tor network protocol when both sides were
+      using OpenSSL 1.0.1 would fail.  Fix for bug 6033, which is
+      not a bug in Tor.
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 4c9d218..c631612 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -790,6 +790,21 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
     goto error;
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
 
+  /* Disable TLS1.1 and TLS1.2 if they exist.  We need to do this to
+   * workaround a bug present in all OpenSSL 1.0.1 versions (as of 1
+   * June 2012), wherein renegotiating while using one of these TLS
+   * protocols will cause the client to send a TLS 1.0 ServerHello
+   * rather than a ServerHello written with the appropriate protocol
+   * version.  Once some version of OpenSSL does TLS1.1 and TLS1.2
+   * renegotiation properly, we can turn them back on when built with
+   * that version. */
+#ifdef SSL_OP_NO_TLSv1_2
+  SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_2);
+#endif
+#ifdef SSL_OP_NO_TLSv1_1
+  SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
+#endif
+
   if (
 #ifdef DISABLE_SSL3_HANDSHAKE
       1 ||





More information about the tor-commits mailing list