#7139: Tor involuntarily sets TLS session tickets
-----------------------------------+----------------------------------------
    Reporter:  nextgens            |        Type:  defect
      Status:  needs_review        |    Priority:  major
   Milestone:  Tor: 0.2.2.x-final  |   Component:  Tor
     Version:                      |    Keywords:  tor-relay ssl tls security pfs
      Parent:                      |      Points:
Actualpoints:                      |
-----------------------------------+----------------------------------------

Comment(by nextgens):

 So, my point number 2 in the original report is incorrect and should read:

 2) security: It has implications regarding PFS (the key material
 encrypting the ticket is ephemeral but might be swapped out to disk) and
 exposes more attack surface than strictly necessary (Tor doesn't use the
 tickets in any case)

 The PFS interval is not linked to MAX_SSL_KEY_LIFETIME_INTERNAL at all.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7139#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
