Open Bug 657237 Opened 13 years ago Updated 11 months ago

Session tickets generated by libssl leak length of client certificate

Categories

(NSS :: Libraries, defect, P3)

Tracking

(Not tracked)

People

(Reporter: briansmith, Unassigned)

Details

(Keywords: privacy)

The session tickets generated by the server-side of libssl do not try to pad the DER encoding of the client certificate. This means it could be easy to infer (and/or narrow down) what client certificate is included in the session ticket, my measuring its length. The server should either pad the client certificate, or it should include just a cryptographic hash of the client certificate chain in the ticket that it can look up later in a cache that maps the hashes back to cert chains.
Severity: normal → S3
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.