[tor-dev] Proposal 190: Password-based Bridge Client Authorization

Ian Goldberg iang at cs.uwaterloo.ca
Wed Jan 18 12:40:22 UTC 2012

On Wed, Jan 18, 2012 at 07:07:08AM +0000, Robert Ransom wrote:
> On 2012-01-17, Ian Goldberg <iang at cs.uwaterloo.ca> wrote:
> > On Tue, Jan 17, 2012 at 08:43:00PM +0200, George Kadianakis wrote:
> >> [0]: Did the Telex people clean up the patch, generalize it, and post
> >> it in openssl-dev? Having configurable {Server,Client}Hello.Random in
> >> a future version of OpenSSL would be neat.
> >
> > At USENIX Security, Adam opined that openssl's callback mechanism should
> > be able to do this with no patches to the source.  (I think there was
> > one part of Telex that would still need patches to openssl, but I don't
> > think that was it.)  You basically request a callback right after the
> > clienthello.random is generated, and in the callback, overwrite the
> > value.  Or something like that; I don't remember exactly.
> In a Telex TLS connection, the client's DH secret key is derived from
> the ECDH shared secret between the client's Telex ECDH key and the
> Telex server's ECDH key.  (This has the unfortunate side effect that a
> client attempting to find Telex servers gives up forward secrecy for
> its TLS connections.)  This may be the part of Telex which requires an
> OpenSSL patch.

Yes, that seems likely.  (Note, though, that only the *wrapper* TLS
loses forward secrecy, but what was inside that wrapper came out of the
Telex proxy as plaintext, anyway.  If the client actually connects to a
TLS server as the covert destination, that TLS connection is perfectly

   - Ian

More information about the tor-dev mailing list