[tor-commits] [tor/release-0.2.4] randomize SSLKeyLifetime by default

arma at torproject.org arma at torproject.org
Mon Mar 11 03:41:47 UTC 2013 

commit edd6f02273c58bfe39a978dd5c7b8765aae0b886
Author: Roger Dingledine <arma at torproject.org>
Date:   Sat Mar 9 17:16:11 2013 -0500

    randomize SSLKeyLifetime by default
    
    resolves ticket 8443.
---
 changes/ticket8443 |    4 ++++
 doc/tor.1.txt      |    9 +++++++--
 src/or/config.c    |    2 +-
 src/or/or.h        |    3 ++-
 src/or/router.c    |    4 ++++
 5 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/changes/ticket8443 b/changes/ticket8443
new file mode 100644
index 0000000..ca6fb2f
--- /dev/null
+++ b/changes/ticket8443
@@ -0,0 +1,4 @@
+  o Minor features:
+    - Randomize the lifetime of our SSL link certificate, so censors can't
+      use the static value for filtering Tor flows. Resolves ticket 8443;
+      related to ticket 4014 which was included in 0.2.2.33.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 75bca79..505a083 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1500,8 +1500,13 @@ is non-zero):
 **ShutdownWaitLength** __NUM__::
     When we get a SIGINT and we're a server, we begin shutting down:
     we close listeners and start refusing new circuits. After **NUM**
-    seconds, we exit. If we get a second SIGINT, we exit immedi-
-    ately. (Default: 30 seconds)
+    seconds, we exit. If we get a second SIGINT, we exit immediately.
+    (Default: 30 seconds)
+
+**SSLKeyLifetime** __N__ **minutes**|**hours**|**days**|**weeks**::
+    When creating a link certificate for our outermost SSL handshake,
+    set its lifetime to this amount of time. If set to 0, Tor will choose
+    some reasonable random defaults. (Default: 0)
 
 **HeartbeatPeriod**  __N__ **minutes**|**hours**|**days**|**weeks**::
     Log a heartbeat message every **HeartbeatPeriod** seconds. This is
diff --git a/src/or/config.c b/src/or/config.c
index b7613bd..15138f9 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -380,7 +380,7 @@ static config_var_t option_vars_[] = {
   V(SocksPolicy,                 LINELIST, NULL),
   VPORT(SocksPort,                   LINELIST, NULL),
   V(SocksTimeout,                INTERVAL, "2 minutes"),
-  V(SSLKeyLifetime,              INTERVAL, "365 days"),
+  V(SSLKeyLifetime,              INTERVAL, "0"),
   OBSOLETE("StatusFetchPeriod"),
   V(StrictNodes,                 BOOL,     "0"),
   OBSOLETE("SysLog"),
diff --git a/src/or/or.h b/src/or/or.h
index a71468c..c7d2598 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4008,7 +4008,8 @@ typedef struct {
    */
   int DisableV2DirectoryInfo_;
 
-  /** What expiry time shall we place on our SSL certs? */
+  /** What expiry time shall we place on our SSL certs? "0" means we
+   * should guess a suitable value. */
   int SSLKeyLifetime;
 
 } or_options_t;
diff --git a/src/or/router.c b/src/or/router.c
index c9c35f6..2113663 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -659,6 +659,10 @@ router_initialize_tls_context(void)
     else if (!strcasecmp(options->TLSECGroup, "P224"))
       flags |= TOR_TLS_CTX_USE_ECDHE_P224;
   }
+  if (!lifetime) { /* we should guess a good ssl cert lifetime */
+    /* choose between 1 and 365 days */
+    lifetime = 1*24*3600 + crypto_rand_int(364*24*3600);
+  }
 
   /* It's ok to pass lifetime in as an unsigned int, since
    * config_parse_interval() checked it. */

More information about the tor-commits mailing list