[tor-commits] [tor/release-0.4.0] NSS: disable TLS1.2 SHA-384 ciphersuites.

teor at torproject.org teor at torproject.org
Sat Apr 6 02:27:04 UTC 2019


commit 5cb94cbf9d89804ea37a2f1e68d354a86edb223e
Author: Nick Mathewson <nickm at torproject.org>
Date:   Fri Mar 29 13:38:48 2019 -0400

    NSS: disable TLS1.2 SHA-384 ciphersuites.
    
    In current NSS versions, these ciphersuites don't work with
    SSL_ExportKeyingMaterial(), which was causing relays to fail when
    they tried to negotiate the v3 link protocol authentication.
    
    Fixes bug 29241; bugfix on 0.4.0.1-alpha.
---
 changes/bug29241         |  6 ++++++
 src/lib/tls/tortls_nss.c | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/changes/bug29241 b/changes/bug29241
new file mode 100644
index 000000000..13951d116
--- /dev/null
+++ b/changes/bug29241
@@ -0,0 +1,6 @@
+  o Major bugfixes (NSS, relay):
+    - When running with NSS, disable TLS 1.2 ciphersuites that use SHA384
+      for their PRF. Due to an NSS bug, the TLS key exporters for these
+      ciphersuites don't work -- which caused relays to fail to handshake
+      with one another when these ciphersuites were enabled.
+      Fixes bug 29241; bugfix on 0.4.0.1-alpha.
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index 4e107fae7..3c62e98df 100644
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -152,6 +152,32 @@ we_like_auth_type(SSLAuthType at)
   }
 }
 
+/**
+ * Return true iff this ciphersuite will be hit by a mozilla bug 1312976,
+ * which makes TLS key exporters not work with TLS 1.2 non-SHA256
+ * ciphersuites.
+ **/
+static bool
+ciphersuite_has_nss_export_bug(const SSLCipherSuiteInfo *info)
+{
+  /* For more information on the bug, see
+     https://bugzilla.mozilla.org/show_bug.cgi?id=1312976 */
+
+  /* This bug only exists in TLS 1.2. */
+  if (info->authType == ssl_auth_tls13_any)
+    return false;
+
+  /* Sadly, there's no way to get this information from the
+   * CipherSuiteInfo object itself other than by looking at the
+   * name.  */
+  if (strstr(info->cipherSuiteName, "_SHA384") ||
+      strstr(info->cipherSuiteName, "_SHA512")) {
+    return true;
+  }
+
+  return false;
+}
+
 tor_tls_context_t *
 tor_tls_context_new(crypto_pk_t *identity,
                     unsigned int key_lifetime, unsigned flags, int is_client)
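Review bot: The doc comment on `ciphersuite_has_nss_export_bug()` says the bug hits every TLS 1.2 "non-SHA256" ciphersuite, but the body only matches the substrings `_SHA384` and `_SHA512` in `cipherSuiteName`. The check therefore depends on NSS's naming convention, and would miss a suite with a different PRF hash or name. I would reword the comment to say what is tested, e.g. `Return true iff info names a pre-TLS-1.3 suite whose name contains _SHA384 or _SHA512`. The workaround is also unconditional: nothing in the hunk ties it to an NSS version, so these suites stay disabled after upstream fixes bug 1312976. A marker such as `/* XXXX Remove or version-gate once NSS bug 1312976 is fixed. */` above the `strstr()` test would keep that visible. The function is complete in this hunk; the trailing `tor_tls_context_new()` signature lines are context only.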
@@ -256,6 +282,12 @@ tor_tls_context_new(crypto_pk_t *identity,
         !we_like_mac_algorithm(info.macAlgorithm) ||
         !we_like_auth_type(info.authType)/* Requires NSS 3.24 */;
 
+      if (ciphersuite_has_nss_export_bug(&info)) {
+        /* SSL_ExportKeyingMaterial will fail; we can't use this cipher.
+         */
+        disable = 1;
+      }
+
       s = SSL_CipherPrefSet(ctx->ctx, ciphers[i],
                             disable ? PR_FALSE : PR_TRUE);
       if (s != SECSuccess)
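Review bot: The new `if (ciphersuite_has_nss_export_bug(&info))` block sets `disable = 1` silently, so nothing visible here tells an operator that a suite was turned off by this workaround rather than by the `we_like_*` policy checks. Since this narrows the negotiable set for a library-bug reason, I would add a debug-level line inside the block, e.g. `log_debug(LD_NET, "Disabling %s: NSS key exporter bug", info.cipherSuiteName);`, using whichever log domain this file already uses. That makes a later handshake failure against a peer with a restricted suite list easier to diagnose. The loop and the rest of `tor_tls_context_new()` lie outside the hunk, so existing logging there cannot be ruled out.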




