[tor-bugs] #4099 [Tor Browser]: Disable TLS session resumption and HTTP keep-alive
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Sep 26 23:58:23 UTC 2011
#4099: Disable TLS session resumption and HTTP keep-alive
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor Browser | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
We need to disable TLS session resumption and HTTP keep-alive to prevent
third parties from possibly using them to track users between different
domains.
Ideally, we should simply prevent 3rd party origins from using these two
features, but I suspect that differentiating 3rd party loads at the HTTP
and TLS layers will prove difficult.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4099>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list