[tbb-bugs] #19910 [Applications/Tor Browser]: Rip out optimistic data socks handshake variant (#3875)

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Aug 12 17:39:07 UTC 2016 

#19910: Rip out optimistic data socks handshake variant (#3875)
------------------------------------------+----------------------
     Reporter:  cypherpunks               |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 Optimistic data socks handshake variant violates RFC we could to ignore
 except total code logic brokenness.

 For something like https transport code functionality depends timing of
 socks proxy. If socks-proxy answer before TLS handshake can to start then
 browser process socks handshake as server hello therefore violates TLS
 session.

 You can't to use code fully based on race condition. You can't to fix code
 so it never process any input data as soon as you start TLS handshake.
 Only solution to rip out that code entirely.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19910>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list