On Wed, Jan 18, 2012 at 07:07:08AM +0000, Robert Ransom wrote: > On 2012-01-17, Ian Goldberg <[email protected]> wrote: > > On Tue, Jan 17, 2012 at 08:43:00PM +0200, George Kadianakis wrote: > >> [0]: Did the Telex people clean up the patch, generalize it, and post > >> it in openssl-dev? Having configurable {Server,Client}Hello.Random in > >> a future version of OpenSSL would be neat. > > > > At USENIX Security, Adam opined that openssl's callback mechanism should > > be able to do this with no patches to the source. (I think there was > > one part of Telex that would still need patches to openssl, but I don't > > think that was it.) You basically request a callback right after the > > clienthello.random is generated, and in the callback, overwrite the > > value. Or something like that; I don't remember exactly. > > In a Telex TLS connection, the client's DH secret key is derived from > the ECDH shared secret between the client's Telex ECDH key and the > Telex server's ECDH key. (This has the unfortunate side effect that a > client attempting to find Telex servers gives up forward secrecy for > its TLS connections.) This may be the part of Telex which requires an > OpenSSL patch.
Yes, that seems likely. (Note, though, that only the *wrapper* TLS loses forward secrecy, but what was inside that wrapper came out of the Telex proxy as plaintext, anyway. If the client actually connects to a TLS server as the covert destination, that TLS connection is perfectly normal.) - Ian _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
