Opened 5 years ago

Closed 5 years ago

#12234 closed enhancement (duplicate)

Add Option to ControlPort for SSL/TLS Support

Reported by: blentz Owned by:
Priority: Low Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I was thinking perhaps there should be an option to wrap the ControlPort socket in SSL. In the cases where TCP 127.0.0.1 or a Unix domain socket is used, this is admittedly of no value.

However, anywhere a remote TCP socket is allowed to interact with the tor ControlPort, we should probably have the option of encrypting the data (e.g. AUTHENTICATE and anything sensitive) while in transit over the network, where it could be subject to interception.

Interacting with the daemon could be done with openssl s_client if done by hand. The commonly-used controlport clients would have to enhanced as well to support use of SSL/TLS.

Without this, we'd have to stunnel or ssh tunnel this socket, implying those facilities were available on the host and/or platform.

Child Tickets

Change History (4)

comment:1 Changed 5 years ago by arma

What's the use case for having a remote control port, for a user who doesn't know how to use stunnel?

In the past we've opted not to do this, since it adds complexity and we don't see how this use case is a good idea for normal users.

comment:2 Changed 5 years ago by blentz

Thanks for sharing.

I am surprised this is the attitude toward enabling such functionality. Given this software is presumably riddled with SSL socket bindings, I assumed such a change would be relatively trivial. Admittedly I didn't take a serious look at the code to see exactly to what degree of added complexity it would require.

If relying on a third-party software package for doing SSL based on the relative intelligence or experience level of a user versus plus the unquantifiable proportion to which this functionality will be used versus elegantly supporting it natively within tor itself is what the maintainers prefer, so be it.

ControlPort can continue to accept passwords in the clear and if a user doesn't like it they can kludge stunnel in front of it.

Sorry for wasting your time.

comment:3 Changed 5 years ago by nickm

Closing as duplicate of #3501.

comment:4 Changed 5 years ago by nickm

Resolution: duplicate
Status: newclosed
Note: See TracTickets for help on using tickets.