Open Bug 657237 Opened 13 years ago Updated 6 months ago

Session tickets generated by libssl leak length of client certificate

Tracking

(Not tracked)

Status:

NEW

People

(Reporter: briansmith, Unassigned)

Details

(Keywords: privacy)

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Reporter

Description

•

13 years ago

The session tickets generated by the server-side of libssl do not try to pad the DER encoding of the client certificate. This means it could be easy to infer (and/or narrow down) what client certificate is included in the session ticket, my measuring its length. The server should either pad the client certificate, or it should include just a cryptographic hash of the client certificate chain in the ticket that it can look up later in a cache that maps the hashes back to cert chains.

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

Benjamin Beurdouche [:beurdouche]

Updated

•

6 months ago

Priority: -- → P3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Session tickets generated by libssl leak length of client certificate

Categories

(NSS :: Libraries, defect, P3)

Tracking

(Not tracked)

People

(Reporter: briansmith, Unassigned)

References

Details

(Keywords: privacy)

Crash Data

Security

(public)

User Story

Description

Updated

Updated