Closed
Bug 967923
Opened 11 years ago
Closed 11 years ago
Randomize timestamps in TLS handshake
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 937976
People
(Reporter: mikeperry, Unassigned)
Details
(Whiteboard: [tor])
Attachments
(1 file)
1.26 KB,
patch
In Tor Browser and in Tor, we have decided to randomize the TLS timestamp field rather than submit the current machine time, to avoid clock drift fingerprinting. It turns out that OpenSSL merged our patch for this in 1.0.1f. Here's a link to that discussion:
https://www.ietf.org/mail-archive/web/tls/current/msg09861.html
The timestamp field is used only as an additional entropy source in TLS, and having it not reflect the actual current time does not affect operation of the handshake. In fact, Firefox actually had a long-standing bug where the current machine uptime was reported in this field instead of the current time, which, as far as I know, persisted from the Netscape days up until Firefox 3.5. See Bug 405625.
Attached is the patch for NSS, against FF24ESR.
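The effect described in the report above, as an added example that is not part of the original report or the attached NSS patch: in the TLS 1.2 hello `Random` (RFC 5246), the first four bytes are `gmt_unix_time`, so an observer can subtract its own clock from that field, and filling the field with random bytes removes the signal. All function names, the sample time and the filler bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RANDOM_LEN 32  /* TLS 1.2 Random: 4-byte gmt_unix_time + 28 random bytes */

/* Build the hello Random. `csprng` stands in for 32 bytes from a real CSPRNG.
 * With randomize_time == 0 the first four bytes carry the sender's clock
 * (big-endian); with randomize_time != 0 all 32 bytes stay random. */
void build_hello_random(uint8_t out[RANDOM_LEN], const uint8_t csprng[RANDOM_LEN],
                        uint32_t sender_clock, int randomize_time)
{
    memcpy(out, csprng, RANDOM_LEN);
    if (!randomize_time) {
        out[0] = (uint8_t)(sender_clock >> 24);
        out[1] = (uint8_t)(sender_clock >> 16);
        out[2] = (uint8_t)(sender_clock >> 8);
        out[3] = (uint8_t)sender_clock;
    }
}

/* What a passive observer computes: timestamp field minus its own clock. */
int64_t apparent_clock_offset(const uint8_t random[RANDOM_LEN], uint32_t observer_clock)
{
    uint32_t ts = ((uint32_t)random[0] << 24) | ((uint32_t)random[1] << 16) |
                  ((uint32_t)random[2] << 8) | (uint32_t)random[3];
    return (int64_t)ts - (int64_t)observer_clock;
}

/* Constructed scenario: the sender's clock runs 37 s ahead of the observer's. */
int64_t demo_offset(int randomize_time)
{
    const uint32_t observer_clock = 1391500000u;  /* constructed sample time */
    uint8_t csprng[RANDOM_LEN], random[RANDOM_LEN];
    for (int i = 0; i < RANDOM_LEN; i++)
        csprng[i] = (uint8_t)(i * 37 + 11);       /* fixed filler, NOT random */
    build_hello_random(random, csprng, observer_clock + 37u, randomize_time);
    return apparent_clock_offset(random, observer_clock);
}

int main(void)
{
    printf("clock in field: offset = %lld s\n", (long long)demo_offset(0));
    printf("randomized:     offset = %lld s\n", (long long)demo_offset(1));
    return 0;
}
```

With the clock in the field the observer recovers the 37-second skew exactly; with the field randomized the computed offset is unrelated to the sender's clock.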
Updated•11 years ago
Assignee: nobody → nobody
Component: General → Libraries
Product: Firefox → NSS
Comment 1•11 years ago
Already fixed and already shipping to users in Fx26 and Chrome 30-something.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Updated•11 years ago
Whiteboard: [tor]