[tor-bugs] #3972 [Tor Relay]: Implement proposal 179: TLS certificate and handshake normalization

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Oct 28 01:14:30 UTC 2011 

#3972: Implement proposal 179: TLS certificate and handshake normalization
--------------------------+-------------------------------------------------
 Reporter:  ioerror       |          Owner:                    
     Type:  defect        |         Status:  new               
 Priority:  major         |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Relay     |        Version:  Tor: unspecified  
 Keywords:  needs_review  |         Parent:                    
   Points:                |   Actualpoints:                    
--------------------------+-------------------------------------------------

Comment(by asn):

 Replying to [comment:5 ioerror]:

 > Nick - If you read this report (
 https://www.ssllabs.com/ssldb/analyze.html?d=www%2etorproject%2eorg&s=38%2e229%2e70%2e46
 ) - I see that our website uses a 2048-bit RSA key and the DH is 1024-bit.
 Eg: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits (p: 128, g: 1,
 Ys: 128)
 >
 > What happens if we crank up the DH parameter to be dynamic and
 2048-bits? Seems like we'll perhaps stick out, eh?

 Hmm, that ssllabs.com report is a bit weird (What is `p`, `g` and `Ys`
 supposed to be? If `g` is the generator, is the generator supposed to be
 `1`? Or is it one bit?).

 BTW, in DHE TLS ciphersuites the server supplies the DHE parameters
 through a ServerKeyExchange message and the client is supposed to accept
 them. The keylength is not known by the client before the handshake.

 Looking at the OpenSSL code, the generated DH modulus in DHE mode seems to
 always be 1024 bits (or 512 if export40 restrictions apply). I guess that
 makes 1024 bits a more sensible choice wrt fingerprinting.

 In `ssl3_send_server_key_exchange()`:
 {{{
                         if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
                                 dhp=s->cert->dh_tmp_cb(s,
 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
 }}}
 and
 {{{
 #define SSL_C_EXPORT_PKEYLENGTH(c)
 SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
 #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
 }}}

 (Note that the DH keys generated in DHE mode are only used for a single
 session and then they are thrown away; hence their small size is not
 terribly alarming.)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3972#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list