[tor-bugs] #29241 [Core Tor/Tor]: NSS SSL_ExportKeyingMaterial failing
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 29 16:50:01 UTC 2019
#29241: NSS SSL_ExportKeyingMaterial failing
-------------------------------------------------+-------------------------
Reporter: sysrqb | Owner: nickm
Type: defect | Status:
| accepted
Priority: High | Milestone: Tor:
| 0.4.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: regression, 035-backport?, | Actual Points:
040-must, spec |
Parent ID: | Points: 2
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by nickm):
Ah. The reason I could not reproduce this is that it does not happen with
TLS 1.3. The error code here is `SEC_ERROR_LIBRARY_FAILURE`, apparently
set by `ssl3_TLSPRFWithMasterSecret` in NSS.
Looking at the source code of that function, this error is possible in
these cases:
* No master secret has been negotiated yet.
* TLS 1.2 is in use, and the PRF hash is something other than SHA256.
The second case seems likelier.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29241#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list