[tbb-bugs] #19366 [Applications/Tor Browser]: torbrowser stream isolation considers domain:443 different from domain:444

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 10 05:46:18 UTC 2016


#19366: torbrowser stream isolation considers domain:443 different from domain:444
--------------------------------------+----------------------------
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  closed
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:  worksforme
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+----------------------------
Changes (by yawning):

 * status:  new => closed
 * resolution:   => worksforme


Comment:

 Tor Browser does not isolate base on ports.  The `IsolateDestPort` option
 is *not* set, and the domain isolator doesn't look at the port at all when
 it generates/retrieves the auth based isolation nonce.

 Eg: `example.com` via http and https use the same circuit.

 The only thing I can think of that's happening is that you really do
 happen to mean "port 800" which isn't a commonly allowed destination port.
 If you used an Exit that allows port 80, but does not allow port 800, then
 the tor daemon has no choice but to create a new circuit with a more
 suitable Exit for the 2nd request.

 This is totally orthogonal to isolation (which should be/is doing the
 right thing), and boils down to Tor Browser not being clairvoyant.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19366#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list