Is the TLS Transport in `OnionConnection` Secure?

[dwtj]

Is the way in which we are opening the transport secure?

[nskinkel]

We're currently doing the standard (pre-endpoints) Twisted way of connecting via TLS. Can you clarify what you mean by "secure" here?

I can think of a few reasons that it's not secure, but I'm not sure these are what you're referring to (I'm guessing not):

• lack of robust/any real error handling and recovery
• lack of certificate checks
• lack of ability to tear things down cleanly

It's not clear to me whether or not we have to use SSLv23_METHOD as our method, but if we don't we definitely should upgrade this. I'll play around with it and see if we can pop this up to TLSv1_METHOD.

Are there any other definitions of secure you were considering here?

[nskinkel]

Closed in 6601cdc7e3.

We're now doing much better error handling and cleanup, properly checking certificates as specified in tor-spec, and tearing things down when appropriate.

We should maybe be using Twisted endpoints, if possible, but that's not relevant to this issue.