Session tickets generated by libssl leak length of client certificate

Status: NEW, Unassigned, 8 years ago
People: Reporter: briansmith, Unassigned
Tracking: trunk, {privacy}
Firefox Tracking Flags: Not tracked

Details

The session tickets generated by the server-side of libssl do not try to pad the DER encoding of the client certificate. This means it could be easy to infer (and/or narrow down) what client certificate is included in the session ticket, by measuring its length. The server should either pad the client certificate, or it should include just a cryptographic hash of the client certificate chain in the ticket that it can look up later in a cache that maps the hashes back to cert chains.
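
The two mitigations named in the report, sketched as an added example (not code from the bug report or from libssl). The state layout, the `BUCKET` size, the `CertCache` class and the sample byte strings are all assumptions made for illustration; the functions build the ticket state before encryption, whose length an observer can measure.

```python
import hashlib
import struct

BUCKET = 1024  # assumed padding granularity in bytes (hypothetical value)

# Constructed stand-ins for two DER-encoded client certificates (not real certs).
CERT_A = b"\x30" + bytes(811)   # 812 bytes
CERT_B = b"\x30" + bytes(954)   # 955 bytes

def ticket_raw(cert_der):
    """Behaviour described in the report: DER embedded without padding."""
    return struct.pack(">I", len(cert_der)) + cert_der

def ticket_padded(cert_der):
    """Mitigation 1: pad the length-prefixed DER up to a multiple of BUCKET."""
    body = struct.pack(">I", len(cert_der)) + cert_der
    return body + b"\x00" * (-len(body) % BUCKET)

def unpad(state):
    """Server side: recover the DER from a padded state, rejecting bad lengths."""
    if len(state) < 4:
        raise ValueError("state too short")
    (n,) = struct.unpack(">I", state[:4])
    if n > len(state) - 4:
        raise ValueError("length prefix exceeds state size")
    return state[4:4 + n]

class CertCache:
    """Mitigation 2: the ticket carries only a hash of the chain;
    the server keeps a map from that hash back to the chain."""

    def __init__(self):
        self._by_hash = {}

    def ticket(self, chain):
        h = hashlib.sha256()
        for der in chain:
            # Length-prefix each cert so chain boundaries are unambiguous.
            h.update(struct.pack(">I", len(der)) + der)
        digest = h.digest()
        self._by_hash[digest] = list(chain)
        return digest  # always 32 bytes, whatever the chain length

    def resolve(self, state):
        # None means the entry was evicted or never existed:
        # the server must fall back to a full handshake.
        return self._by_hash.get(state)
```

Padding only hides length within a bucket, so certificates whose encodings fall in different buckets remain distinguishable by bucket; the hash form is constant-size but requires server-side state.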