[tor-bugs] #8420 [TorBirdy]: Opt-out from TLS-specific settings

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 6 23:51:21 UTC 2013


#8420: Opt-out from TLS-specific settings
-------------------------+--------------------------------------------------
 Reporter:  sukhbir      |          Owner:  ioerror
     Type:  enhancement  |         Status:  new    
 Priority:  normal       |      Milestone:         
Component:  TorBirdy     |        Version:         
 Keywords:               |         Parent:         
   Points:               |   Actualpoints:         
-------------------------+--------------------------------------------------
 We should have an opt-out from the following TLS settings:

 "security.ssl.require_safe_negotiation"
 "security.ssl.treat_unsafe_negotiation_as_broken"

 Even though this is not such a good idea, but many servers do not support
 TLS with secure renegotiation (or are using an older version of the
 protocol), and because we are enforcing this setting, some users are not
 able to use TorBirdy at all.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8420>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list