Do not include a timestamp in the Client/ServerHello Random field.
Instead, send random bytes, unless SSL_SEND_{CLIENT,SERVER}RANDOM_MODE
is set.
This is a forward-port of commits:
4af793036f
f4c93b46ed
3da721dac9
2583270191
While the gmt_unix_time record was added in an ostensible attempt to
mitigate the dangers of a bad RNG, its presence leaks the host's view
of the current time in the clear. This minor leak can help
fingerprint TLS instances across networks and protocols... and what's
worse, it's doubtful thet the gmt_unix_time record does any good at
all for its intended purpose, since:
* It's quite possible to open two TLS connections in one second.
* If the PRNG output is prone to repeat itself, ephemeral
handshakes (and who knows what else besides) are broken.
This commit is contained in:
Nick Mathewson
@@ -707,6 +707,12 @@ struct ssl_session_st
|
||||
* TLS only.) "Released" buffers are put onto a free-list in the context
|
||||
* or just freed (depending on the context's setting for freelist_max_len). */
|
||||
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
|
||||
/* Send the current time in the Random fields of the ClientHello and
|
||||
* ServerHello records for compatibility with hypothetical implementations
|
||||
* that require it.
|
||||
*/
|
||||
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
|
||||
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
|
||||
|
||||
/* Cert related flags */
|
||||
/* Many implementations ignore some aspects of the TLS standards such as
|
||||
|
||||
Reference in New Issue
Block a user