Opened 16 months ago

Last modified 16 months ago

#24192 new defect

When I visit a V3 onion that supplies an invalid certificate, Tor Browser will look up the onion when the get certificate button is clicked

Reported by: Dbryrtfbcbhgf
Owned by: tbb-team
Priority: High
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Major
Keywords:
Cc: asn
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

When I visit a V3 onion that supplies an invalid certificate, Tor Browser will look up the onion when the get certificate button is clicked. This may leak the secret onion address. I attached a photo showing the issue.

Child Tickets

Attachments (1)

issue.png (192.9 KB) - added by Dbryrtfbcbhgf 16 months ago.


Change History (13)

Changed 16 months ago by Dbryrtfbcbhgf

Attachment: issue.png added

comment:1 Changed 16 months ago by Dbryrtfbcbhgf

Priority: Medium → High
Severity: Normal → Major

comment:2 Changed 16 months ago by cypherpunks

You guys need to add an exception to all FQDN which ends with ".onion".

\.onion$

That's because if you code "V2 and V3 only .onion", you might need to update the code again when Tor-V4, TorDNS starts in the future.

comment:3 Changed 16 months ago by cypherpunks

comment:4 in reply to: 2 Changed 16 months ago by asn

Replying to cypherpunks:

You guys need to add an exception to all FQDN which ends with ".onion".

\.onion$

That's because if you code "V2 and V3 only .onion", you might need to update the code again when Tor-V4, TorDNS starts in the future.

But that means that onions won't be able to revoke SSL certs anymore. Since we consider SSL certs something that onions might need (and in the case of your onion, it's even trying to use it), we should probably also support its various functionalities, including revocation?

Alternatively, we could add a scary message saying that the onion will get leaked, but I doubt most users understand the trade offs here...

comment:5 Changed 16 months ago by asn

Cc: asn added

comment:6 Changed 16 months ago by asn

In general, if you are an onion operator and you want your onion address to be secret, you shouldn't configure SSL with an OCSP provider. Do self-signed certs use OCSP?

I think handling this on the onion side and not on the client-side makes sense here.

comment:7 Changed 16 months ago by gk

After talking with ahf a bit I think we can do something smarter. We could require OCSP-must-staple for .onions and otherwise just prevent it. Firefox has supported it since at least ESR 45:

https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/
https://tools.ietf.org/html/rfc7633

Dbryrtfbcbhgf: The button is not necessarily the issue. The OCSP request already goes out when you are requesting the domain.

comment:8 Changed 16 months ago by gk

See: https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ for some info about what OCSP stapling achieves.


comment:10 Changed 16 months ago by gk

https://bugzilla.mozilla.org/show_bug.cgi?id=901698 is the bug where OCSP-must-staple got implemented.

comment:11 Changed 16 months ago by asn

Will we lose any security by only supporting OCSP-must-staple and ditching normal OCSP requests?

comment:12 in reply to: 8 Changed 16 months ago by Dbryrtfbcbhgf

Replying to gk:

See: https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ for some info about what OCSP stapling achieves.

When the button is pressed, will Tor browser leak the onion address to some server?

I’m referring to the button shown in the photo issue.png
