#26819 closed enhancement (implemented)

Minimal client-side support for TLS via NSS

Reported by: nickm
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: 035-roadmap-subticket, 035-triaged-in-20180711
Cc: nickm, gk, catalyst, ahf
Actual Points:
Parent ID: #26631
Points:
Reviewer: ahf
Sponsor: Sponsor8-can

Description

When porting libtor-tls to NSS, we'll start with client-side support for our TLS features. This will only have to include originating connections, and only with the most recent link handshake. It won't need any key export support at all.

At this point, we can have "--enable-nss" imply "--disable-openssl", and also have it imply that ORPort cannot be set (since you can't be a Tor server with this minimal TLS support.)

Change History (9)

comment:1 Changed 12 months ago by nickm

Owner: set to nickm
Status: new → accepted

comment:2 Changed 11 months ago by nickm

My nss_tls branch can now bootstrap for me. It has many bugs and missing pieces remaining, though, which is why I'm not putting it into needs_review yet.

comment:3 Changed 11 months ago by nickm

Status: accepted → needs_review

I've fixed most of the issues here; I think nss_tls is ready for a review.

comment:4 Changed 11 months ago by dgoulet

Reviewer: ahf

comment:5 Changed 11 months ago by ahf

Created a PR to track this: https://github.com/torproject/tor/pull/306

comment:6 Changed 11 months ago by ahf

Status: needs_review → needs_revision

I've left some comments on the PR. Also looks like there is a conflict.

comment:7 Changed 11 months ago by nickm

I've responded to your comments; let me know if you think I should fix up anything I didn't fix up already.

I'll fix the conflict on merge, if that's ok.

comment:8 Changed 11 months ago by ahf

Status: needs_revision → merge_ready

Looks good!

comment:9 Changed 11 months ago by nickm

Resolution: implemented
Status: merge_ready → closed

merged!
