Please sign in to comment.
Introduce privsep for private keys:
- Move RSA private keys to a new separate process instead of copying them to the relays. A custom RSA engine is used by the SSL/TLS code of the relay processes to send RSA private key encryption/decryption (also used for sign/verify) requests to the new "ca" processes instead of operating on the private key directly. - Each relay process gets its own related ca process. Setting "prefork 5" in the config file will spawn 10 processes (5 relay, 5 ca). This diff also reduces the default number of relay processes from 5 to 3 which should be suitable in most installations without a very heavy load. - Don't keep text versions of the keys in memory, parse them once and keep the binary representation. This might still be the case in OpenSSL's internals but will be fixed in the library. This diff doesn't prevent something like "heartbleed" but adds an additional mitigation to prevent leakage of the private keys from the processes doing SSL/TLS. With feedback from many ok benno@
- Loading branch information...
Showing with 652 additions and 100 deletions.
Oops, something went wrong.