crypto/tls: do not send the current time in hello messages

This reduces the ability to fingerprint TLS connections. The impeteus for this change was a recent change to OpenSSL by Nick Mathewson: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2016265dfb LGTM=agl R=agl CC=golang-codereviews https://golang.org/cl/57230043
2025-12-08 06:10:04 +00:00 · 2014-02-04 10:51:37 -05:00 · 2014-02-04 10:51:37 -05:00 · c2d02b3b9f
commit c2d02b3b9f
parent 3baceaa151
2 changed files with 3 additions and 13 deletions
--- a/src/pkg/crypto/tls/handshake_client.go
+++ b/src/pkg/crypto/tls/handshake_client.go
@ -63,12 +63,7 @@ NextCipherSuite:
 		}
 	}

-	t := uint32(c.config.time().Unix())
-	hello.random[0] = byte(t >> 24)
-	hello.random[1] = byte(t >> 16)
-	hello.random[2] = byte(t >> 8)
-	hello.random[3] = byte(t)
-	_, err := io.ReadFull(c.config.rand(), hello.random[4:])
+	_, err := io.ReadFull(c.config.rand(), hello.random)
 	if err != nil {
 		c.sendAlert(alertInternalError)
 		return errors.New("tls: short read from Rand: " + err.Error())