[tor-bugs] #11253 [Firefox Patch Issues]: Turn on TLS 1.1 and 1.2 in TorBrowser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 20 17:05:48 UTC 2014
#11253: Turn on TLS 1.1 and 1.2 in TorBrowser
-------------------------------------------------+-------------------------
Reporter: YunoTLS | Owner:
Type: enhancement | mikeperry
Priority: critical | Status: new
Component: Firefox Patch Issues | Milestone:
Keywords: TLS, SSL, security, privacy, | Version:
TorBrowser | Actual Points:
Parent ID: | Points:
-------------------------------------------------+-------------------------
TLS 1.1 and TLS 1.2 support is already implemented in FF 24 ESR, but for
some unknown reason Mozilla haven't truned it on by default, even though
TLS 1.1 and 1.2 is supported by Chrome, IE, Opera, and FF stable (the non-
ESR version).
Thru about:config, search for security.tls.version.max and replace 1 with
3 and that's it.
Note we're not disabling SSL 3.0 so no sites at all will be broken.
The reasons and benefits for enaling TLS 1.1 and 1.2 are obvious and self-
evident, including
-higher security for encrypted traffic to websites leaving Tor exit nodes
-Making the said traffic ubove resistant to cryptanalysis and sniffing
There are no draw backs from this upgrade because SSL 3.0 will not be
disbaled and hence websites not supporting TLS 1.1 and 1.2 will not be
broken and will function as normal.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11253>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list