Opened 3 years ago

Last modified 16 months ago

#19983 new enhancement

Is openssl 1.1.0's "secure heap" feature useful for us?

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tls openssl hardening security tor-relay tor-client
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Found out about this in the 1.1.0 changelog. Maybe it could be something to take advantage of.

Child Tickets

Change History (6)

comment:1 Changed 3 years ago by teor

Sounds like a good idea - but we should make sure we turn it on for all private keys, not just the automatic RSA key protection.
http://blog.nullspace.io/akamai-ssl-patch.html

comment:2 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:3 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:4 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:5 Changed 2 years ago by nickm

Keywords: openssl hardening security tor-relay tor-client added; openssl110 removed
Type: defectenhancement

comment:6 Changed 16 months ago by traumschule

Keywords: tls added
Note: See TracTickets for help on using tickets.