Open
Bug 657237
Opened 13 years ago
Updated 11 months ago
Session tickets generated by libssl leak length of client certificate
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
NEW
People
(Reporter: briansmith, Unassigned)
Details
(Keywords: privacy)
The session tickets generated by the server-side of libssl do not try to pad the DER encoding of the client certificate. This means it could be easy to infer (and/or narrow down) what client certificate is included in the session ticket, by measuring its length. The server should either pad the client certificate, or it should include just a cryptographic hash of the client certificate chain in the ticket that it can look up later in a cache that maps the hashes back to cert chains.
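The two mitigations proposed in the description, sketched as an added example (not NSS code and not part of the original report). The ticket state layout, `SECRET_LEN`, `BUCKET` and every function name are assumptions; ticket encryption is left out because ciphertext length follows plaintext length up to block padding.

```python
import hashlib

SECRET_LEN = 48   # size of a TLS master secret
BUCKET = 4096     # assumed padding granularity, not a value taken from NSS

def state_unpadded(secret: bytes, cert_der: bytes) -> bytes:
    """Behaviour in the report: the DER certificate is embedded at its natural length."""
    return secret + len(cert_der).to_bytes(3, "big") + cert_der

def state_padded(secret: bytes, cert_der: bytes, bucket: int = BUCKET) -> bytes:
    """Mitigation 1: zero-pad the length-prefixed certificate to a multiple of bucket."""
    body = len(cert_der).to_bytes(3, "big") + cert_der
    target = -(-len(body) // bucket) * bucket   # round up to the next multiple
    return secret + body.ljust(target, b"\x00")

def cert_from_padded(state: bytes) -> bytes:
    """Recover the certificate via the length prefix, ignoring the padding."""
    n = int.from_bytes(state[SECRET_LEN:SECRET_LEN + 3], "big")
    return state[SECRET_LEN + 3:SECRET_LEN + 3 + n]

class ChainCache:
    """Mitigation 2: the ticket carries a SHA-256 of the chain; the server keeps the chain."""
    def __init__(self):
        self._chains = {}

    def state_hashed(self, secret: bytes, chain: list) -> bytes:
        h = hashlib.sha256()
        for cert in chain:   # length-prefix each cert so chain boundaries are unambiguous
            h.update(len(cert).to_bytes(3, "big") + cert)
        self._chains[h.digest()] = list(chain)
        return secret + h.digest()

    def lookup(self, state: bytes):
        """Return the chain, or None on a cache miss (caller should then refuse resumption)."""
        return self._chains.get(state[SECRET_LEN:SECRET_LEN + 32])

def demo() -> dict:
    # Constructed stand-ins for two clients' DER certificates (filler bytes, not real certs).
    secret = bytes(SECRET_LEN)
    small, large = b"\x30" * 900, b"\x30" * 1500
    cache = ChainCache()
    return {
        "unpadded": (len(state_unpadded(secret, small)), len(state_unpadded(secret, large))),
        "padded": (len(state_padded(secret, small)), len(state_padded(secret, large))),
        "hashed": (len(cache.state_hashed(secret, [small])), len(cache.state_hashed(secret, [large]))),
    }

if __name__ == "__main__":
    print(demo())
```

Bucket padding hides the length only among certificates that land in the same bucket, and the hash approach turns a cache eviction into a failed resumption.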
Updated 2 years ago
Severity: normal → S3
Updated 11 months ago
Priority: -- → P3