[tor-bugs] #4099 [Tor Browser]: Disable TLS session resumption and HTTP keep-alive

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Nov 29 08:13:13 UTC 2011


#4099: Disable TLS session resumption and HTTP keep-alive
----------------------------------------+-----------------------------------
 Reporter:  mikeperry                   |          Owner:  mikeperry                    
     Type:  defect                      |         Status:  new                          
 Priority:  major                       |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor Browser                 |        Version:                               
 Keywords:  MikePerryIteration20111120  |         Parent:                               
   Points:  1                           |   Actualpoints:                               
----------------------------------------+-----------------------------------

Comment(by gk):

 Replying to [comment:14 mikeperry]:
 > gk: So you're saying that while the pref does in fact disable TLS
 session resumption, it does not disable SSL Session IDs, correct?

 Yes.

 > So technically, I guess that means we should apply the pref, close this
 ticket, and open a new one to disable SSL Session IDs?

 Yes. And maybe you could update the TorBrowser spec accordingly (section
 3.5.6).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4099#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list