[tor-bugs] #11253 [Firefox Patch Issues]: Turn on TLS 1.1 and 1.2 in TorBrowser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 21 16:52:03 UTC 2014
#11253: Turn on TLS 1.1 and 1.2 in TorBrowser
-------------------------------------+-------------------------------------
Reporter: YunoTLS | Owner: mikeperry
Type: enhancement | Status: new
Priority: critical | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-pref,
Resolution: | MikePerry201403
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Changes (by mikeperry):
* keywords: TLS, SSL, security, privacy, TorBrowser => tbb-pref,
MikePerry201403
* cc: gk (added)
Comment:
Seems reasonable on face. My only concern is that I would actually like to
see Mozilla's reasoning for not enabling this yet (untested code? new code
with higher vulnerability surface?).
Note also that Mozilla does not usually backport security fixes in prefs
that default to off, so if there have been vulnerabilities (or even
generic memory safety hazards) in this new TLS code, fixes for them may
not have been backported to 24ESR. We'll likely need to scan hg log of the
NSS code to be sure of this (or at least ask people who work on NSS at
Mozilla/Google/Redhat).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11253#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list