commit 3c581f8426f4fd477eb26d2893dbdec42d76e23d Author: David Fifield david@bamsoftware.com Date: Fri Aug 15 18:02:53 2014 -0700

Set security.tls.version.max=1 in meek-http-helper.

#11253 set security.tls.version.max=3 (i.e., TLSv1.2). We need to set it back to 1 (TLSv1.0) in the helper, or else we look unlike an ordinary installation of Firefox 24.

https://trac.torproject.org/projects/tor/ticket/12766 --- Bundle-Data/PTConfigs/meek-http-helper-user.js | 8 ++++++++ 1 file changed, 8 insertions(+)

diff --git a/Bundle-Data/PTConfigs/meek-http-helper-user.js b/Bundle-Data/PTConfigs/meek-http-helper-user.js index cddc237..26fd819 100644 --- a/Bundle-Data/PTConfigs/meek-http-helper-user.js +++ b/Bundle-Data/PTConfigs/meek-http-helper-user.js @@ -4,6 +4,14 @@ // to stdout. user_pref("browser.dom.window.dump.enabled", true);

+// Make TLSv1.0 the maximum TLS version, as in stock Firefox 24. Since #11253, +// Tor Browser overrides the maximum to TLSv1.2, which would cause us to look +// unlike ordinary Firefox 24. +// https://trac.torproject.org/projects/tor/ticket/11253 +// https://trac.torproject.org/projects/tor/ticket/12766 +// http://kb.mozillazine.org/Security.tls.version.* +user_pref("security.tls.version.max", 1); + // Enable TLS session tickets (disabled by default in Tor Browser). Otherwise // there is a missing TLS extension. // https://trac.torproject.org/projects/tor/ticket/11183#comment:9