From edd6f02273c58bfe39a978dd5c7b8765aae0b886 Mon Sep 17 00:00:00 2001
From: Roger Dingledine
Date: Sat, 9 Mar 2013 17:16:11 -0500
Subject: [PATCH] randomize SSLKeyLifetime by default

resolves ticket 8443.
---
 changes/ticket8443 | 4 ++++
 doc/tor.1.txt | 9 +++++++--
 src/or/config.c | 2 +-
 src/or/or.h | 3 ++-
 src/or/router.c | 4 ++++
 5 files changed, 18 insertions(+), 4 deletions(-)
 create mode 100644 changes/ticket8443

diff --git a/changes/ticket8443 b/changes/ticket8443
new file mode 100644
index 000000000..ca6fb2f47
--- /dev/null
+++ b/changes/ticket8443
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Randomize the lifetime of our SSL link certificate, so censors can't
+ use the static value for filtering Tor flows. Resolves ticket 8443;
+ related to ticket 4014 which was included in 0.2.2.33.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 75bca7937..505a0834b 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1500,8 +1500,13 @@ is non-zero):
 **ShutdownWaitLength** __NUM__::
 When we get a SIGINT and we're a server, we begin shutting down:
 we close listeners and start refusing new circuits. After **NUM**
- seconds, we exit. If we get a second SIGINT, we exit immedi-
- ately. (Default: 30 seconds)
+ seconds, we exit. If we get a second SIGINT, we exit immediately.
+ (Default: 30 seconds)
+
+**SSLKeyLifetime** __N__ **minutes**|**hours**|**days**|**weeks**::
+ When creating a link certificate for our outermost SSL handshake,
+ set its lifetime to this amount of time. If set to 0, Tor will choose
+ some reasonable random defaults. (Default: 0)
 
 **HeartbeatPeriod** __N__ **minutes**|**hours**|**days**|**weeks**::
 Log a heartbeat message every **HeartbeatPeriod** seconds. This is
diff --git a/src/or/config.c b/src/or/config.c
index b7613bdf9..15138f9d7 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -380,7 +380,7 @@ static config_var_t option_vars_[] = {
 V(SocksPolicy, LINELIST, NULL),
 VPORT(SocksPort, LINELIST, NULL),
 V(SocksTimeout, INTERVAL, "2 minutes"),
- V(SSLKeyLifetime, INTERVAL, "365 days"),
+ V(SSLKeyLifetime, INTERVAL, "0"),
 OBSOLETE("StatusFetchPeriod"),
 V(StrictNodes, BOOL, "0"),
 OBSOLETE("SysLog"),
diff --git a/src/or/or.h b/src/or/or.h
index a71468c1c..c7d259853 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4008,7 +4008,8 @@ typedef struct {
 */
 int DisableV2DirectoryInfo_;
 
- /** What expiry time shall we place on our SSL certs? */
+ /** What expiry time shall we place on our SSL certs? "0" means we
+ * should guess a suitable value. */
 int SSLKeyLifetime;
 } or_options_t;
 
diff --git a/src/or/router.c b/src/or/router.c
index c9c35f613..211366351 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -659,6 +659,10 @@ router_initialize_tls_context(void)
 else if (!strcasecmp(options->TLSECGroup, "P224"))
 flags |= TOR_TLS_CTX_USE_ECDHE_P224;
 }
+ if (!lifetime) { /* we should guess a good ssl cert lifetime */
+ /* choose between 1 and 365 days */
+ lifetime = 1*24*3600 + crypto_rand_int(364*24*3600);
+ }
 /* It's ok to pass lifetime in as an unsigned int, since
 * config_parse_interval() checked it. */
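Review bot: The new comment on `SSLKeyLifetime` in the or.h hunk says a zero value means "guess a suitable value" but not where the guess is made or in what unit, so a reader of the options struct has to go searching; the config.c hunk just above introduces the `"0"` default that depends on that same sentinel. The field appears to hold seconds (the router.c hunk computes it with `24*3600` arithmetic) and the guessing is done in router_initialize_tls_context(), which is visible in that hunk's header. I would write the comment as `/** What expiry time (in seconds) shall we place on our SSL certs? 0 means router_initialize_tls_context() picks a random lifetime instead of a fixed one. */`. That keeps the coupling between the config.c default and the sentinel handling in router.c discoverable from the struct field itself.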