[tbb-bugs] #17442 [Tor Browser]: adjust or remove updater cert pinning

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 28 13:04:49 UTC 2015

#17442: adjust or remove updater cert pinning
     Reporter:  mcs          |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
 The updater uses a couple of hidden prefs. to do its own form of cert
 pinning. But changes are afoot on the server side; see

 Here are the hidden prefs we currently use inside Tor Browser:
 pref("app.update.certs.1.issuerName", "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US");
 pref("app.update.certs.1.commonName", "*.torproject.org");

 These prefs are consulted when the update code connects to

 I am not an expert in this area, but it seems like it might be better to
 just disable the updater-specific checks that use the above prefs. and
 instead rely on the more general pinning that is defined inside
 security/manager/boot/src/StaticHPKPins.h (when we added these updater
 prefs, we did not yet have the more general form of pinning in place).

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17442>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

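To make concrete what the two prefs above pin, here is an added illustration (not Tor Browser or Firefox code) of a pref-driven matcher in the style of the updater check the ticket describes: every `app.update.certs.N.<attribute>` pref with the same N forms one acceptable certificate description, and the server certificate is accepted when all attributes of at least one description match exactly. The grouping and exact-string semantics are an assumption modelled on that check; the sample prefs are the ones quoted in the ticket.

```javascript
// Added illustration (not Tor Browser / Firefox code): pref-driven cert
// matching in the style of the updater check.  Each numbered group of
// app.update.certs.N.<attribute> prefs describes one acceptable certificate;
// a cert is accepted when every attribute in at least one group matches.
// Constructed sample prefs, copied from the ticket text.
const samplePrefs = {
  "app.update.certs.1.issuerName":
    "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US",
  "app.update.certs.1.commonName": "*.torproject.org",
};

// Group prefs by index: [{ issuerName: "...", commonName: "..." }, ...]
function loadUpdaterCertEntries(prefs, prefix = "app.update.certs.") {
  const entries = new Map();
  for (const [name, value] of Object.entries(prefs)) {
    if (!name.startsWith(prefix)) continue;
    const rest = name.slice(prefix.length);        // e.g. "1.issuerName"
    const dot = rest.indexOf(".");
    if (dot < 0) continue;
    const index = Number(rest.slice(0, dot));
    const attribute = rest.slice(dot + 1);
    if (!Number.isInteger(index) || !attribute) continue;
    if (!entries.has(index)) entries.set(index, {});
    entries.get(index)[attribute] = value;
  }
  return [...entries.values()];
}

// cert: plain object carrying the attribute names the prefs refer to
// (issuerName, commonName, ...).  Comparison is an exact string match, so
// a wildcard CN like "*.torproject.org" must appear literally in the
// subject; this is why a reissued cert from a different intermediate CA,
// or with a different CN, fails even though the server is legitimate.
function matchUpdaterCert(cert, entries) {
  for (const entry of entries) {
    const allMatch = Object.entries(entry).every(
      ([attribute, expected]) => cert[attribute] === expected);
    if (allMatch) return entry;
  }
  return null;
}

function isUpdaterCertAccepted(cert, prefs = samplePrefs) {
  return matchUpdaterCert(cert, loadUpdaterCertEntries(prefs)) !== null;
}
```

Contrast this with the HPKP entries in StaticHPKPins.h, which pin public-key hashes rather than the literal issuer DN and CN, so a certificate rotation under the same pinned key does not break the updater.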