[tor-bugs] #4099 [Tor Browser]: Disable TLS session resumption and HTTP keep-alive

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Nov 22 14:25:37 UTC 2011


#4099: Disable TLS session resumption and HTTP keep-alive
----------------------------------------+-----------------------------------
 Reporter:  mikeperry                   |          Owner:  mikeperry                    
     Type:  defect                      |         Status:  new                          
 Priority:  major                       |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor Browser                 |        Version:                               
 Keywords:  MikePerryIteration20111120  |         Parent:                               
   Points:  1                           |   Actualpoints:                               
----------------------------------------+-----------------------------------

Comment(by gk):

 > At least for the image I could verify that the same session ID is used
 throughout 1)-4) and "security.enable_tls_session_tickets" was set to
 "false".
 >
 > I hope I did something wrong here but I already double-checked my
 results and it does not seem to be the case.

 Replying to myself: After some more digging it turns out that Session ID
 tracking and tracking via TLS resumption are different beasts (see:
 https://tools.ietf.org/html/rfc5077 especially sections 3.4 and 5.8). That
 would explain the still available session ID mentioned above even if the
 pref in question is disabled.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4099#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
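
The distinction gk describes can be checked directly in a captured ClientHello. The following is an added example, not part of the original message or of Tor Browser's code: it reads the legacy session ID field and the RFC 5077 SessionTicket extension (type 35) separately. The function names and the sample handshakes are constructed for illustration.

```python
import struct

SESSION_TICKET_EXT = 35  # SessionTicket extension type (RFC 5077)

def resumption_offers(hello: bytes) -> dict:
    """Report which resumption mechanisms a ClientHello handshake message
    (record header already stripped) is offering."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
    pos = 2 + 32  # skip client_version and random

    def take(width: int) -> bytes:
        """Read a length-prefixed vector whose length field is `width` bytes."""
        nonlocal pos
        if pos + width > len(body):
            raise ValueError("truncated ClientHello")
        end = pos + width + int.from_bytes(body[pos:pos + width], "big")
        if end > len(body):
            raise ValueError("vector overruns ClientHello")
        data, pos = body[pos + width:end], end
        return data

    session_id = take(1)   # legacy session ID field, 0..32 bytes
    take(2)                # cipher_suites
    take(1)                # compression_methods
    ticket = None
    exts = take(2) if pos < len(body) else b""
    i = 0
    while i + 4 <= len(exts):
        etype, elen = struct.unpack_from("!HH", exts, i)
        if etype == SESSION_TICKET_EXT:
            ticket = exts[i + 4:i + 4 + elen]
        i += 4 + elen
    return {"session_id": session_id.hex(),
            "session_id_offered": len(session_id) > 0,
            "ticket_ext_present": ticket is not None,
            "ticket_offered": bool(ticket)}

def build_hello(session_id: bytes, extensions: bytes) -> bytes:
    """Construct a minimal sample ClientHello (constructed test data)."""
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"
            + len(extensions).to_bytes(2, "big") + extensions)
    return b"\x01" + len(body).to_bytes(3, "big") + body

# Constructed samples: tickets off with a cached ID, then a ticket with no ID.
ID_ONLY = build_hello(bytes(range(32)), b"")
TICKET_ONLY = build_hello(b"", struct.pack("!HH", 35, 4) + b"\xde\xad\xbe\xef")
```

A ClientHello like ID_ONLY still carries a linkable identifier even though no ticket extension is sent, which matches the observation in the comment above.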

