crypto/tls: do not send the current time in hello messages

This reduces the ability to fingerprint TLS connections.

The impetus for this change was a recent change to OpenSSL
by Nick Mathewson:

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2016265dfb

LGTM=agl
R=agl
CC=golang-codereviews
https://golang.org/cl/57230043
Anthony Martin 2014-02-04 10:51:37 -05:00 committed by Adam Langley
parent 9323f900fd
commit 8cf5d703de
2 changed files with 3 additions and 13 deletions


@ -63,12 +63,7 @@ NextCipherSuite:
} }
} }
t := uint32(c.config.time().Unix()) _, err := io.ReadFull(c.config.rand(), hello.random)
hello.random[0] = byte(t >> 24)
hello.random[1] = byte(t >> 16)
hello.random[2] = byte(t >> 8)
hello.random[3] = byte(t)
_, err := io.ReadFull(c.config.rand(), hello.random[4:])
if err != nil { if err != nil {
c.sendAlert(alertInternalError) c.sendAlert(alertInternalError)
return errors.New("tls: short read from Rand: " + err.Error()) return errors.New("tls: short read from Rand: " + err.Error())
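Review bot: The new `io.ReadFull(c.config.rand(), hello.random)` call has no comment saying that the leading four bytes of the random are intentionally no longer the current time. A later reader comparing this with the `gmt_unix_time` field of the Random structure in RFC 5246 could take it for an omission and put the timestamp back. A comment above the call would cover it, for example `// The whole random comes from Rand; the time is deliberately not sent, to make connections harder to fingerprint.` The same comment fits the matching `io.ReadFull(config.rand(), hs.hello.random)` line in the server-side hunk. The enclosing function begins and ends outside this hunk.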


@ -146,17 +146,12 @@ Curves:
} }
hs.hello.vers = c.vers hs.hello.vers = c.vers
t := uint32(config.time().Unix())
hs.hello.random = make([]byte, 32) hs.hello.random = make([]byte, 32)
hs.hello.random[0] = byte(t >> 24) _, err = io.ReadFull(config.rand(), hs.hello.random)
hs.hello.random[1] = byte(t >> 16)
hs.hello.random[2] = byte(t >> 8)
hs.hello.random[3] = byte(t)
hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
_, err = io.ReadFull(config.rand(), hs.hello.random[4:])
if err != nil { if err != nil {
return false, c.sendAlert(alertInternalError) return false, c.sendAlert(alertInternalError)
} }
hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
hs.hello.compressionMethod = compressionNone hs.hello.compressionMethod = compressionNone
if len(hs.clientHello.serverName) > 0 { if len(hs.clientHello.serverName) > 0 {
c.serverName = hs.clientHello.serverName c.serverName = hs.clientHello.serverName
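Review bot: When the new `io.ReadFull(config.rand(), hs.hello.random)` fails, `err` is discarded and the function returns only whatever `c.sendAlert(alertInternalError)` yields, while the client-side hunk reports `"tls: short read from Rand: "` plus the cause. This read now supplies the entire server random, so a failing entropy source should be identifiable from the returned error. The error branch could be `c.sendAlert(alertInternalError)` followed by `return false, errors.New("tls: short read from Rand: " + err.Error())`, assuming `errors` is imported in this file, which the hunk does not show. The enclosing function starts and ends outside the hunk.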