[tor-dev] Proposal 195: TLS certificate normalization for Tor 0.2.4.x

George Kadianakis desnacked at riseup.net
Sat Mar 10 00:18:19 UTC 2012

Nick Mathewson <nickm at freehaven.net> writes:

> Filename: 195-TLS-normalization-for-024.txt
> Title: TLS certificate normalization for Tor 0.2.4.x
> Author: Jacob Appelbaum, Gladys Shufflebottom, Nick Mathewson, Tim Wilde
> Created: 6-Mar-2012
> Status: Draft
> Target: 0.2.4.x
> <snip>
> 2. TLS handshake issues
> 2.1. Session ID.
>    Currently we do not send an SSL session ID, as we do not support session
>    resumption.  However, Apache (and likely other major SSL servers) do have
>    this support, and do send a 32 byte SSLv3/TLSv1 session ID in their Server
>    Hello cleartext.  We should do the same to avoid an easy fingerprinting
>    opportunity.  It may be necessary to lie to OpenSSL to claim that we are
>    tracking session IDs to cause it to generate them for us.
>    (We should not actually support session resumption.)

This is a nice idea, but it opens us to the obvious active attack of
Them checking if a host *actually* supports session resumption or if
it's faking it.

What is the reason we don't like session resumption? Does it still
make sense to keep it disabled even after #4436 is implemented?
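
The cleartext field that section 2.1 of the quoted proposal refers to, as an added example that is not part of the original thread or of Tor's code: a parser that extracts the session_id from a ServerHello record, run on two constructed sample messages (one with an empty session ID, one with 32 bytes). The function names and sample bytes are assumptions made for illustration; it covers only what a passive observer reads from the Server Hello, not whether resumption actually works.

```python
import struct

class ParseError(ValueError):
    pass

def server_hello_session_id(record: bytes) -> bytes:
    """Return the session_id field of a ServerHello carried in one TLS record."""
    if len(record) < 5:
        raise ParseError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                      # 0x16 = handshake content type
        raise ParseError("not a handshake record")
    body = record[5:5 + rlen]
    if len(body) != rlen or rlen < 4:
        raise ParseError("truncated record body")
    if body[0] != 0x02:                    # 0x02 = ServerHello
        raise ParseError("not a ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    # version(2) + random(32) + session_id length(1) = 35 bytes minimum
    if len(hello) != hlen or hlen < 35:
        raise ParseError("truncated ServerHello")
    sid_len = hello[34]
    # session_id is at most 32 bytes and is followed by cipher(2) + compression(1)
    if sid_len > 32 or 35 + sid_len + 3 > hlen:
        raise ParseError("bad session_id length")
    return hello[35:35 + sid_len]

def build_server_hello(session_id: bytes) -> bytes:
    """Constructed sample: TLS 1.0 ServerHello, all-zero random, no extensions."""
    hello = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += b"\x00\x2f" + b"\x00"         # TLS_RSA_WITH_AES_128_CBC_SHA, null compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def classify(record: bytes) -> str:
    """Summarize what the cleartext ServerHello reveals about session IDs."""
    sid = server_hello_session_id(record)
    return "no session ID" if not sid else f"{len(sid)}-byte session ID"

if __name__ == "__main__":
    print(classify(build_server_hello(b"")))               # server that sends none
    print(classify(build_server_hello(bytes(range(32)))))  # server that sends 32 bytes
```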
