[tor-bugs] #7189 [Tor]: Disabling TLS tickets makes us look unlike firefox

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Oct 22 18:11:14 UTC 2012


#7189: Disabling TLS tickets makes us look unlike firefox
----------------------------+-----------------------------------------------
 Reporter:  nickm           |          Owner:                    
     Type:  defect          |         Status:  new               
 Priority:  major           |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor             |        Version:                    
 Keywords:  tor-client tls  |         Parent:                    
   Points:                  |   Actualpoints:                    
----------------------------+-----------------------------------------------
 In #7139, we disabled TLS tickets so that we wouldn't do TLS-ticket based
 session resumption, to make PFS work right again on our OpenSSL
 connections.

 On the server side, this is probably the right choice for fingerprinting:
 servers that don't support session resumption also don't support TLS
 tickets.

 But on the client side, it might not be the right choice: firefox
 advertises support for TLS tickets, I hear.  Oops.

 This is a nontrivial decision to make.  If a client says that it supports
 TLS tickets, and it is talking to an older Tor server that hasn't disabled
 them, it will get degraded PFS.  But if a client doesn't say it supports
 TLS tickets, it will apparently be more distinguishable.

 We backported #7139 to the 0.2.2 branch; any fix here should get
 backported too.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7189>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
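
The distinguisher the ticket describes is visible on the wire: a client that supports TLS tickets includes the session_ticket extension (type 35, RFC 5077) in its ClientHello. The following is an added example, not part of the ticket or of Tor's code, that parses a ClientHello handshake message and reports whether that extension is advertised; the helper names and the sample hellos are constructed for illustration.

```python
import struct

SESSION_TICKET = 35  # extension type assigned by RFC 5077

def _vec(buf, pos, width):
    """Read a vector with a `width`-byte length prefix; return (data, next_pos)."""
    if pos + width > len(buf):
        raise ValueError("truncated length field")
    end = pos + width + int.from_bytes(buf[pos:pos + width], "big")
    if end > len(buf):
        raise ValueError("vector overruns message")
    return buf[pos + width:end], end

def client_hello_extensions(msg):
    """Return the extension types, in order, of a ClientHello handshake message."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body, _ = _vec(msg, 1, 3)            # 3-byte handshake length
    if len(body) < 34:
        raise ValueError("truncated ClientHello")
    pos = 34                             # skip client_version (2) + random (32)
    _, pos = _vec(body, pos, 1)          # session_id
    _, pos = _vec(body, pos, 2)          # cipher_suites
    _, pos = _vec(body, pos, 1)          # compression_methods
    if pos == len(body):
        return []                        # hello carries no extensions block
    exts, _ = _vec(body, pos, 2)
    types, p = [], 0
    while p < len(exts):
        ext_type = int.from_bytes(exts[p:p + 2], "big")
        _, p = _vec(exts, p + 2, 2)      # skip extension data, bounds-checked
        types.append(ext_type)
    return types

def advertises_session_ticket(msg):
    """True if the hello offers ticket support (an empty extension still counts)."""
    return SESSION_TICKET in client_hello_extensions(msg)

def build_hello(ext_types):
    """Constructed sample: minimal TLS 1.0 ClientHello with empty extensions."""
    exts = b"".join(struct.pack("!HH", t, 0) for t in ext_types)
    body = (b"\x03\x01" + bytes(32) + b"\x00"      # version, random, no session_id
            + struct.pack("!H", 2) + b"\x00\x2f"   # one cipher suite
            + b"\x01\x00")                         # null compression only
    if ext_types:
        body += struct.pack("!H", len(exts)) + exts
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for label, types in (("with ticket ext", [0, 10, 11, 35]), ("without", [0, 10, 11])):
        print(label, advertises_session_ticket(build_hello(types)))
```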

