commit 6ee519475ea1fdafe9dff805d550c9600cf6ce4c Author: Mike Perry mikeperry-git@fscked.org Date: Thu Dec 8 15:36:26 2011 -0800

Bug 4099: Disable TLS session tickets to limit linkability

Session IDs are disabled in a TBB patch. --- src/chrome/content/torbutton.js | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index beb43ab..57261c9 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -1966,6 +1966,10 @@ function torbutton_update_status(mode, force_update) { !m_tb_prefs.getBoolPref("security.enable_ssl2")); }

+ // Disable ssl session tickets for tor usage + // https://trac.torproject.org/projects/tor/ticket/4099 + m_tb_prefs.setBoolPref("security.enable_tls_session_tickets", !mode); + // Lower keep-alive timeout to reduce cross-domain linkability // https://trac.torproject.org/projects/tor/ticket/4603 if (mode) {