[tor-bugs] #4099 [Tor Browser]: Disable TLS session resumption and HTTP keep-alive
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Oct 26 12:30:03 UTC 2011
#4099: Disable TLS session resumption and HTTP keep-alive
----------------------------------------+-----------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor Browser | Version:
Keywords: MikePerryIteration20111106 | Parent:
Points: 1 | Actualpoints:
----------------------------------------+-----------------------------------
Comment(by gk):
I am not sure what the pref is actually doing yet but according to my test
setup with ssldump it won't help us here. I tested the following with
ssldump listening:
1) Load https://anonym-surfen.de (in it an image from https://ip-check.org
is loaded)
2) Load https://twitter.com
3) Load https://anonym-surfen.de
4) Load the image URL as first party (I tweaked a parameter of this URL
slightly to avoid caching issues)
At least for the image I could verify that the same session ID is used
throughout 1)-4) and "security.enable_tls_session_tickets" was set to
"false".
I hope I did something wrong here but I already double-checked my results
and it does not seem to be the case.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4099#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list