[tor-commits] [tor/main] conn: add ClientHello Padding TLS extension

dgoulet at torproject.org dgoulet at torproject.org
Wed Feb 9 15:37:07 UTC 2022


commit f1387b398c130eac740b759db5101d8c469114d5
Author: pseudonymisaTor <1397-pseudonymisaTor at gitlab.torproject.org>
Date:   Sun Jan 23 09:24:28 2022 +0000

    conn: add ClientHello Padding TLS extension
---
 src/lib/tls/tortls_openssl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index d59d65d995..77de2d6a11 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -701,6 +701,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
   /* let us realloc bufs that we're writing from */
   SSL_CTX_set_mode(result->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 
+#ifdef SSL_OP_TLSEXT_PADDING
+  /* Adds a padding extension to ensure the ClientHello size is never between
+   * 256 and 511 bytes in length. */
+  SSL_CTX_set_options(result->ctx, SSL_OP_TLSEXT_PADDING);
+#endif
+
   return result;
 
  error:
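Review bot: The comment above the new `SSL_CTX_set_options(result->ctx, SSL_OP_TLSEXT_PADDING)` call describes the option's effect but not why Tor enables it, and the `#ifdef` means a build against a TLS library without that macro silently sends an unpadded ClientHello. The ClientHello is visible to any on-path observer, so a build-dependent difference in handshake size is worth recording next to the call. I would extend the comment with something like `/* Client-side only: changes the ClientHello we send. Skipped silently when the TLS library lacks this option, so handshake size can differ by build. */`. It should also state the motivation, which the hunk does not give: presumably interoperability with servers that mishandle that size range, or keeping the handshake shape consistent. tor_tls_context_new starts before and continues past this hunk, so whether the same context also serves server-side handshakes (where the option would have no effect) cannot be confirmed from here.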




