#30242 closed defect (duplicate)

Impossible to change circuit for a site when its SSL certificate is invalid

Reported by: pf.team
Owned by: tbb-team
Priority: High
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-circuit-display
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


When accessing a website that uses SSL and the browser raises a certificate error (certificate expired, doesn't match the domain name, etc.), the user can no longer change the circuit by using the "New Circuit for this Site" button. Even if you press it, the browser still keeps using the old circuit.

This is not just an interface error: the circuit remains unchanged. We've managed to reproduce this problem while dumping incoming traffic on one of our own services, and after the button was pressed, the requests still came from the same exit node.

What is especially important is that a certificate error may arise not only due to actual problems with the certificate on the destination server, but also because the exit node is compromised and tries to conduct a Man-in-the-Middle attack. We observed cases when, with Tor Browser versions 6 and 7, the certificate error went away after changing the circuit, which points to the exit node itself being compromised.

This issue does not allow the user to circumvent a potentially compromised exit node to exchange information safely, and forces users to either abandon their attempts altogether, accept the incorrect certificate and be compromised, or go through the process of resetting the identity (that still works, but any and all sessions etc. are lost, obviously).
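Added example, not part of this ticket and not Tor Browser or Tor Project code: the two checks the report above relies on, written out so a service operator or tester can reproduce them. The first takes server-side access-log lines (constructed sample data here, in combined-log format; the IPs are documentation addresses, not real exits) and reports whether the client address seen after the "New Circuit for this Site" press is disjoint from the addresses seen before it, which is how the reporter verified that the circuit had not actually changed. The second takes the certificate fingerprint and error state observed over several distinct exits and classifies the error as consistent across exits (pointing at the origin server) or exit-specific (consistent with tampering on the path). Function names, the log format and the classification labels are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed combined-log style lines: client_ip - - [timestamp] "request" status size.
# Same client address before and after the button press -> the circuit did NOT change.
LOG_UNCHANGED = """\
203.0.113.10 - - [25/Apr/2019:12:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.10 - - [25/Apr/2019:12:00:05 +0000] "GET /static/app.js HTTP/1.1" 200 9120
203.0.113.10 - - [25/Apr/2019:12:01:10 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.10 - - [25/Apr/2019:12:01:12 +0000] "GET /static/app.js HTTP/1.1" 200 9120
"""

# Constructed lines where a new client address appears after the press -> the circuit changed.
LOG_CHANGED = """\
203.0.113.10 - - [25/Apr/2019:12:00:01 +0000] "GET /login HTTP/1.1" 200 512
198.51.100.7 - - [25/Apr/2019:12:01:10 +0000] "GET /login HTTP/1.1" 200 512
198.51.100.7 - - [25/Apr/2019:12:01:12 +0000] "GET /static/app.js HTTP/1.1" 200 9120
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_log(text):
    """Return a list of (timestamp, client_ip, request_line) from combined-log lines.
    Lines that do not match the format are skipped rather than raising."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), TS_FMT)
        entries.append((ts, m.group("ip"), m.group("req")))
    return entries


def exit_changed(log_text, pressed_at):
    """Server-side check of a circuit change.

    pressed_at: the moment the "New Circuit for this Site" button was pressed, as a
    string in the log's own timestamp format (hypothetical; the operator notes it by hand).
    Returns a dict with the client addresses seen before and after that moment and
    'changed', which is True only when every address seen afterwards is new.
    With no requests after the press, no conclusion can be drawn and 'changed' is False.
    """
    cutoff = datetime.strptime(pressed_at, TS_FMT)
    entries = parse_log(log_text)
    before = {ip for ts, ip, _ in entries if ts < cutoff}
    after = {ip for ts, ip, _ in entries if ts >= cutoff}
    return {"before": before, "after": after, "changed": bool(after) and after.isdisjoint(before)}


def classify_cert_observations(observations):
    """Client-side check across circuits.

    observations: list of (exit_ip, cert_sha256_fingerprint, had_cert_error) tuples,
    one per circuit used to fetch the same site.
    Returns:
      'insufficient' - fewer than two distinct exits observed, nothing to compare;
      'origin'       - every exit presented the same certificate with the same result,
                       so the problem is on the destination server;
      'path'         - exits disagree on the certificate or on whether it errored,
                       which is what the report above describes for a tampering exit.
    """
    exits = {exit_ip for exit_ip, _, _ in observations}
    if len(exits) < 2:
        return "insufficient"
    fingerprints = {fp for _, fp, _ in observations}
    errors = {err for _, _, err in observations}
    if len(fingerprints) == 1 and len(errors) == 1:
        return "origin"
    return "path"


if __name__ == "__main__":
    press = "25/Apr/2019:12:01:00 +0000"
    print("unchanged log:", exit_changed(LOG_UNCHANGED, press))
    print("changed log:  ", exit_changed(LOG_CHANGED, press))
    print(classify_cert_observations([
        ("203.0.113.10", "bb" * 32, True),   # constructed: cert error over one exit
        ("198.51.100.7", "aa" * 32, False),  # constructed: clean cert over another
    ]))
```

For the server-side check, only the operator's own service log is needed; the press time is compared against the log timestamps, so clock skew between the tester's machine and the server should be accounted for when choosing it.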

Child Tickets

Change History (2)

comment:1 Changed 15 months ago by acat

Thanks for reporting. This was fixed in #22538; it should be working in the current alpha (8.5a11) and the next 8.5 release.

comment:2 Changed 15 months ago by gk

Keywords: ssl tbb-8.0-issues tor-circuit removed
Resolution: duplicate
Status: new → closed

Duplicate of #22538.
