[tor-bugs] #12766 [meek]: Disable TLSv1.1 and TLSv1.2 in the Firefox helper

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 27 23:41:04 UTC 2014


#12766: Disable TLSv1.1 and TLSv1.2 in the Firefox helper
------------------------+----------------------------------
     Reporter:  dcf     |      Owner:  dcf
         Type:  defect  |     Status:  closed
     Priority:  normal  |  Milestone:
    Component:  meek    |    Version:
   Resolution:  fixed   |   Keywords:  TorBrowserTeam201408
Actual Points:          |  Parent ID:
       Points:          |
------------------------+----------------------------------

Comment (by dcf):

 Replying to [comment:4 mikeperry]:
 > Hrmm. I think you probably want to blend in with Firefox 31 regardless.
 It is more common than FF24ESR. Though, I'm not sure if
 security.tls.version.max=3 looked like Firefox 31 if it was done from a
 Firefox 24 build. It may not.

 It's a nice idea, but the ciphersuites, at least, offered by Firefox 31
 are different than those offered by 24:
  * https://bugzilla.mozilla.org/show_bug.cgi?id=936828
  * https://bugzilla.mozilla.org/show_bug.cgi?id=946147#c1 amusing followup
 about broken servers ignoring the MSB of the ciphersuite ID
 See https://www.ssllabs.com/ssltest/viewMyClient.html for an online test.
 I don't think we'll win in the long run making Firefox try to look like
 anything other than its true version; there are too many dead-parrot
 issues. Firefox 24 is less common than Firefox 31, but Firefox 24
 ciphersuites with TLSv1.2 is likely to be less common than both.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12766#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list