crypto/tls: do not send the current time in hello messages
authorAnthony Martin <ality@pbrane.org>
Tue, 4 Feb 2014 15:51:37 +0000 (10:51 -0500)
committerAdam Langley <agl@golang.org>
Tue, 4 Feb 2014 15:51:37 +0000 (10:51 -0500)
This reduces the ability to fingerprint TLS connections.

The impetus for this change was a recent change to OpenSSL
by Nick Mathewson:

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2016265dfb

LGTM=agl
R=agl
CC=golang-codereviews
https://golang.org/cl/57230043

src/pkg/crypto/tls/handshake_client.go
src/pkg/crypto/tls/handshake_server.go

index 49ff0d768f0c7f62336d1a61ff122fa3c4f9cbbe..dbbccfee46de4f691cf927a6b05253830a2821f1 100644 (file)
@@ -63,12 +63,7 @@ NextCipherSuite:
                }
        }
 
-       t := uint32(c.config.time().Unix())
-       hello.random[0] = byte(t >> 24)
-       hello.random[1] = byte(t >> 16)
-       hello.random[2] = byte(t >> 8)
-       hello.random[3] = byte(t)
-       _, err := io.ReadFull(c.config.rand(), hello.random[4:])
+       _, err := io.ReadFull(c.config.rand(), hello.random)
        if err != nil {
                c.sendAlert(alertInternalError)
                return errors.New("tls: short read from Rand: " + err.Error())
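Review bot: The new `io.ReadFull(c.config.rand(), hello.random)` call fills whatever length `hello.random` already has, and its allocation is not visible in this hunk (the enclosing function starts and ends outside it). The removed `hello.random[0]`..`hello.random[3]` writes would have panicked on a slice shorter than four bytes, whereas `io.ReadFull` on an empty slice returns a nil error and would leave the hello without a usable random. I would add a comment above the call that records both the length requirement and the intent, e.g. `// hello.random is 32 bytes, all from the configured random source; the gmt_unix_time prefix from RFC 5246 is deliberately not sent.` The same comment fits the second hunk in handshake_server.go, where the `make([]byte, 32)` is visible.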
index ceb032a805c63124ab25e39729a49eea276ec001..e441ccbcce57746b2d060aa7ee6775169e5a659e 100644 (file)
@@ -146,17 +146,12 @@ Curves:
        }
 
        hs.hello.vers = c.vers
-       t := uint32(config.time().Unix())
        hs.hello.random = make([]byte, 32)
-       hs.hello.random[0] = byte(t >> 24)
-       hs.hello.random[1] = byte(t >> 16)
-       hs.hello.random[2] = byte(t >> 8)
-       hs.hello.random[3] = byte(t)
-       hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
-       _, err = io.ReadFull(config.rand(), hs.hello.random[4:])
+       _, err = io.ReadFull(config.rand(), hs.hello.random)
        if err != nil {
                return false, c.sendAlert(alertInternalError)
        }
+       hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
        hs.hello.compressionMethod = compressionNone
        if len(hs.clientHello.serverName) > 0 {
                c.serverName = hs.clientHello.serverName
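Review bot: The `if err != nil` branch after the new `io.ReadFull(config.rand(), hs.hello.random)` returns only the result of `c.sendAlert(alertInternalError)`, so the read error from the random source is dropped, while the client hunk reports it as "tls: short read from Rand: ...". Now that all 32 bytes of the server random depend on `config.rand()`, a failing source is worth surfacing to the caller: call `c.sendAlert(alertInternalError)` and then `return false, errors.New("tls: short read from Rand: " + err.Error())`, assuming `errors` is imported in this file as it is on the client side. The enclosing function starts and ends outside the hunk.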