randomize SSLKeyLifetime by default

resolves ticket 8443.
2013-03-09 17:16:11 -05:00 · 2013-03-09 17:16:11 -05:00 · edd6f02273
parent 599aeef9bc
commit edd6f02273
5 changed files with 18 additions and 4 deletions
--- a/changes/ticket8443
+++ b/changes/ticket8443
@ -0,0 +1,4 @@
+  o Minor features:
+    - Randomize the lifetime of our SSL link certificate, so censors can't
+      use the static value for filtering Tor flows. Resolves ticket 8443;
+      related to ticket 4014 which was included in 0.2.2.33.
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@ -1500,8 +1500,13 @@ is non-zero):
 **ShutdownWaitLength** __NUM__::
    When we get a SIGINT and we're a server, we begin shutting down:
    we close listeners and start refusing new circuits. After **NUM**
-    seconds, we exit. If we get a second SIGINT, we exit immedi-
-    ately. (Default: 30 seconds)
+    seconds, we exit. If we get a second SIGINT, we exit immediately.
+    (Default: 30 seconds)
+
+**SSLKeyLifetime** __N__ **minutes**|**hours**|**days**|**weeks**::
+    When creating a link certificate for our outermost SSL handshake,
+    set its lifetime to this amount of time. If set to 0, Tor will choose
+    some reasonable random defaults. (Default: 0)

 **HeartbeatPeriod**  __N__ **minutes**|**hours**|**days**|**weeks**::
    Log a heartbeat message every **HeartbeatPeriod** seconds. This is
--- a/src/or/config.c
+++ b/src/or/config.c
@ -380,7 +380,7 @@ static config_var_t option_vars_[] = {
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
-  V(SSLKeyLifetime,              INTERVAL, "365 days"),
+  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
--- a/src/or/or.h
+++ b/src/or/or.h
@ -4008,7 +4008,8 @@ typedef struct {
   */
  int DisableV2DirectoryInfo_;

-  /** What expiry time shall we place on our SSL certs? */
+  /** What expiry time shall we place on our SSL certs? "0" means we
+   * should guess a suitable value. */
  int SSLKeyLifetime;

 } or_options_t;
--- a/src/or/router.c
+++ b/src/or/router.c
@ -659,6 +659,10 @@ router_initialize_tls_context(void)
    else if (!strcasecmp(options->TLSECGroup, "P224"))
      flags |= TOR_TLS_CTX_USE_ECDHE_P224;
  }
+  if (!lifetime) { /* we should guess a good ssl cert lifetime */
+    /* choose between 1 and 365 days */
+    lifetime = 1*24*3600 + crypto_rand_int(364*24*3600);
+  }

  /* It's ok to pass lifetime in as an unsigned int, since
   * config_parse_interval() checked it. */