randomize SSLKeyLifetime by default

resolves ticket 8443.
This commit is contained in:
Roger Dingledine 2013-03-09 17:16:11 -05:00
parent 599aeef9bc
commit edd6f02273
5 changed files with 18 additions and 4 deletions

4
changes/ticket8443 Normal file
View File

@ -0,0 +1,4 @@
o Minor features:
- Randomize the lifetime of our SSL link certificate, so censors can't
use the static value for filtering Tor flows. Resolves ticket 8443;
related to ticket 4014 which was included in 0.2.2.33.

View File

@ -1500,8 +1500,13 @@ is non-zero):
**ShutdownWaitLength** __NUM__::
When we get a SIGINT and we're a server, we begin shutting down:
we close listeners and start refusing new circuits. After **NUM**
seconds, we exit. If we get a second SIGINT, we exit immedi-
ately. (Default: 30 seconds)
seconds, we exit. If we get a second SIGINT, we exit immediately.
(Default: 30 seconds)
**SSLKeyLifetime** __N__ **minutes**|**hours**|**days**|**weeks**::
When creating a link certificate for our outermost SSL handshake,
set its lifetime to this amount of time. If set to 0, Tor will choose
some reasonable random defaults. (Default: 0)
**HeartbeatPeriod** __N__ **minutes**|**hours**|**days**|**weeks**::
Log a heartbeat message every **HeartbeatPeriod** seconds. This is

View File

@ -380,7 +380,7 @@ static config_var_t option_vars_[] = {
V(SocksPolicy, LINELIST, NULL),
VPORT(SocksPort, LINELIST, NULL),
V(SocksTimeout, INTERVAL, "2 minutes"),
V(SSLKeyLifetime, INTERVAL, "365 days"),
V(SSLKeyLifetime, INTERVAL, "0"),
OBSOLETE("StatusFetchPeriod"),
V(StrictNodes, BOOL, "0"),
OBSOLETE("SysLog"),

View File

@ -4008,7 +4008,8 @@ typedef struct {
*/
int DisableV2DirectoryInfo_;
/** What expiry time shall we place on our SSL certs? */
/** What expiry time shall we place on our SSL certs? "0" means we
* should guess a suitable value. */
int SSLKeyLifetime;
} or_options_t;

View File

@ -659,6 +659,10 @@ router_initialize_tls_context(void)
else if (!strcasecmp(options->TLSECGroup, "P224"))
flags |= TOR_TLS_CTX_USE_ECDHE_P224;
}
if (!lifetime) { /* we should guess a good ssl cert lifetime */
/* choose between 1 and 365 days */
lifetime = 1*24*3600 + crypto_rand_int(364*24*3600);
}
/* It's ok to pass lifetime in as an unsigned int, since
* config_parse_interval() checked it. */