From ce0a89e2624471272ffc4950c5069d9b81a7f0b9 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 5 Nov 2009 18:13:08 -0500 Subject: Make Tor work with OpenSSL 0.9.8l To fix a major security problem related to incorrect use of SSL/TLS renegotiation, OpenSSL has turned off renegotiation by default. We are not affected by this security problem, however, since we do renegotiation right. (Specifically, we never treat a renegotiated credential as authenticating previous communication.) Nevertheless, OpenSSL's new behavior requires us to explicitly turn renegotiation back on in order to get our protocol working again. Amusingly, this is not so simple as "set the flag when you create the SSL object" , since calling connect or accept seems to clear the flags. For belt-and-suspenders purposes, we clear the flag once the Tor handshake is done. There's no way to exploit a second handshake either, but we might as well not allow it. --- src/or/connection_or.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/or/connection_or.c') diff --git a/src/or/connection_or.c b/src/or/connection_or.c index b4e80926b..2a52b3fcd 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -844,6 +844,7 @@ connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn) /* Don't invoke this again. */ tor_tls_set_renegotiate_callback(tls, NULL, NULL); + tor_tls_block_renegotiation(tls); if (connection_tls_finish_handshake(conn) < 0) { /* XXXX_TLS double-check that it's ok to do this from inside read. */ @@ -1087,6 +1088,7 @@ connection_tls_finish_handshake(or_connection_t *conn) connection_or_init_conn_from_address(conn, &conn->_base.addr, conn->_base.port, digest_rcvd, 0); } + tor_tls_block_renegotiation(conn->tls); return connection_or_set_state_open(conn); } else { conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING; -- cgit v1.2.3