crypto/tls: do not send the current time in hello messages

This reduces the ability to fingerprint TLS connections. The impeteus for this change was a recent change to OpenSSL by Nick Mathewson: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2016265dfb LGTM=agl R=agl CC=golang-codereviews https://golang.org/cl/57230043
2024-11-12 07:40:23 -07:00 · 2014-02-04 10:51:37 -05:00 · 2014-02-04 10:51:37 -05:00 · c2d02b3b9f
commit c2d02b3b9f
parent 3baceaa151
2 changed files with 3 additions and 13 deletions
--- a/src/pkg/crypto/tls/handshake_client.go
+++ b/src/pkg/crypto/tls/handshake_client.go
@ -63,12 +63,7 @@ NextCipherSuite:
 		}
 	}

-	t := uint32(c.config.time().Unix())
-	hello.random[0] = byte(t >> 24)
-	hello.random[1] = byte(t >> 16)
-	hello.random[2] = byte(t >> 8)
-	hello.random[3] = byte(t)
-	_, err := io.ReadFull(c.config.rand(), hello.random[4:])
+	_, err := io.ReadFull(c.config.rand(), hello.random)
 	if err != nil {
 		c.sendAlert(alertInternalError)
 		return errors.New("tls: short read from Rand: " + err.Error())
--- a/src/pkg/crypto/tls/handshake_server.go
+++ b/src/pkg/crypto/tls/handshake_server.go
@ -146,17 +146,12 @@ Curves:
 	}

 	hs.hello.vers = c.vers
-	t := uint32(config.time().Unix())
 	hs.hello.random = make([]byte, 32)
-	hs.hello.random[0] = byte(t >> 24)
-	hs.hello.random[1] = byte(t >> 16)
-	hs.hello.random[2] = byte(t >> 8)
-	hs.hello.random[3] = byte(t)
-	hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
-	_, err = io.ReadFull(config.rand(), hs.hello.random[4:])
+	_, err = io.ReadFull(config.rand(), hs.hello.random)
 	if err != nil {
 		return false, c.sendAlert(alertInternalError)
 	}
+	hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
 	hs.hello.compressionMethod = compressionNone
 	if len(hs.clientHello.serverName) > 0 {
 		c.serverName = hs.clientHello.serverName