#26819 closed enhancement (implemented)

Minimal client-side support for TLS via NSS

Reported by: nickm
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: 035-roadmap-subticket, 035-triaged-in-20180711
Cc: nickm, gk, catalyst, ahf
Actual Points:
Parent ID: #26631
Points:
Reviewer: ahf
Sponsor: Sponsor8-can


When porting libtor-tls to NSS, we'll start with client-side support for our TLS features. This will only have to include originating connections, and only with the most recent link handshake. It won't need any key export support at all.

At this point, we can have "--enable-nss" imply "--disable-openssl", and also have it imply that ORPort cannot be set (since you can't be a Tor server with this minimal TLS support.)

Change History (9)

comment:1 Changed 19 months ago by nickm

Owner: set to nickm
Status: new → accepted

comment:2 Changed 18 months ago by nickm

My nss_tls branch can now bootstrap for me. It has many bugs and missing pieces remaining, though, which is why I'm not putting it into needs_review yet.

comment:3 Changed 18 months ago by nickm

Status: accepted → needs_review

I've fixed most of the issues here; I think nss_tls is ready for a review.

comment:4 Changed 18 months ago by dgoulet

Reviewer: ahf

comment:5 Changed 18 months ago by ahf

Created a PR to track this: https://github.com/torproject/tor/pull/306

comment:6 Changed 18 months ago by ahf

Status: needs_review → needs_revision

I've left some comments on the PR. Also looks like there is a conflict.

comment:7 Changed 18 months ago by nickm

I've responded to your comments; let me know if you think I should fix up anything I didn't fix up already.

I'll fix the conflict on merge, if that's ok.

comment:8 Changed 18 months ago by ahf

Status: needs_revision → merge_ready

Looks good!

comment:9 Changed 18 months ago by nickm

Resolution: implemented
Status: merge_ready → closed

