Opened 3 months ago

Closed 7 weeks ago

#27288 closed defect (implemented)

Tor with NSS must not claim to support LinkAuth=1

Reported by: nickm Owned by:
Priority: Immediate Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor Version:
Severity: Blocker Keywords: 035-roadmap-master, 035-triaged-in-20180711, rust
Cc: Actual Points:
Parent ID: Points:
Reviewer: teor Sponsor: Sponsor8

Description

LinkAuth=1 is the older one that pokes inside the world of TLS master secrets. NSS sensibly doesn't let us do that, and makes us use RFC5705 like sensible people.

We shouldn't claim to support it, though.

I'm making this a separate ticket from the rest of NSS-TLS, though, since once we merge this, Tor clients and servers will stop working with NSS until #27286 is merged to update the list of required protocols.

Child Tickets

TicketStatusOwnerSummaryComponent
#27731closedtor restart loop: "The missing protocols are: LinkAuth=1"Core Tor/Tor
#27734closedtor on OpenSSL claims not to support LinkAuth=1Core Tor/Tor

Change History (13)

comment:1 Changed 3 months ago by nickm

Status: newneeds_review

Branch is nss_tls_protover, based on my nss_tls branch.

comment:2 Changed 3 months ago by teor

Keywords: rust added
Reviewer: teor
Status: needs_reviewmerge_ready

This also looks fine to me. I'm assuming it will run on CI, so I don't actually need to run it.

I'm slightly disappointed that we now have 3 copies of the supported protocols string, where we used to have 2. But that's an issue for another ticket.

comment:3 Changed 3 months ago by nickm

Status: merge_readyneeds_review

comment:4 Changed 3 months ago by teor

Status: needs_reviewneeds_revision

nickm, I'm not sure what review work or other work needs to be done on this ticket.

comment:5 Changed 3 months ago by nickm

Status: needs_revisionmerge_ready

Oh! I think I mistook this for another ticket when I put it back in needs_review.

comment:6 Changed 2 months ago by nickm

Update -- the code for authorities to no longer vote for LinkAuth=1 is merged (#27286), but not enough authorities have upgraded yet. When they do, we can merge this.

comment:7 Changed 2 months ago by nickm

Resolution: implemented
Status: merge_readyclosed

Enough authorities are now voting not to include LinkAuth=1. I'll cherry-pick this commit to master.

comment:8 in reply to:  7 Changed 8 weeks ago by teor

Priority: MediumImmediate
Resolution: implemented
Severity: NormalBlocker
Status: closedreopened

Replying to nickm:

Enough authorities are now voting not to include LinkAuth=1. I'll cherry-pick this commit to master.

Please revert this change.

When loading the consensus from disk, Tor does the protocol check *before* we do the consensus expiry check:
https://github.com/torproject/tor/blob/b67f3b751a277fb940b155c0bc64f594db5549b0/src/feature/nodelist/networkstatus.c#L1871

Therefore, any Tor that has an old cached consensus, and deploys this code, will restart in a loop without ever downloading a new consensus.

Thanks to traumschule for this bug report.

comment:9 Changed 8 weeks ago by teor

See #27731 for the bug report.

comment:10 Changed 8 weeks ago by teor

This issue affects NSS and OpenSSL tors on master, due to #27734.

Last edited 8 weeks ago by teor (previous) (diff)

comment:11 Changed 8 weeks ago by teor

chutney's mixed network logs a warning, but doesn't fail:

PASS: mixed+hs-v2
Detail: chutney/tools/warnings.sh /Users/base/chutney/net/nodes.1536899915
Warning: At least one protocol listed as recommended in the consensus is not supported by this version of Tor. You should upgrade. This version of Tor will eventually stop working as a client on the Tor network. The missing protocols are: LinkAuth=1 Number: 6
Warning: At least one protocol listed as recommended in the consensus is not supported by this version of Tor. You should upgrade. This version of Tor will eventually stop working as a relay on the Tor network. The missing protocols are: LinkAuth=1 Number: 27

New tors only fail in a network with a majority of old authorities. (And the network itself would only fail if it was a minimal network, and those new tors were essential to transmitting client data.)

comment:12 Changed 8 weeks ago by nickm

Parent ID: #26631

unparenting.

Per discussion, I do not currently plan to revert this, but instead to include "how to try out NSS" instructions.

comment:13 Changed 7 weeks ago by nickm

Resolution: implemented
Status: reopenedclosed
Note: See TracTickets for help on using tickets.