[tor-bugs] #11253 [Firefox Patch Issues]: Turn on TLS 1.1 and 1.2 in TorBrowser

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Mar 23 16:13:41 UTC 2014


#11253: Turn on TLS 1.1 and 1.2 in TorBrowser
-------------------------------------+-------------------------------------
     Reporter:  YunoTLS              |      Owner:  mikeperry
         Type:  enhancement          |     Status:  new
     Priority:  critical             |  Milestone:
    Component:  Firefox Patch        |    Version:
  Issues                             |   Keywords:  tbb-pref,
   Resolution:                       |  MikePerry201403
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+-------------------------------------

Comment (by Knightly):

 Replying to [comment:2 mikeperry]:
 > Seems reasonable on face. My only concern is that I would actually like
 to see Mozilla's reasoning for not enabling this yet (untested code? new
 code with higher vulnerability surface?).
 >
 > Note also that Mozilla does not usually backport security fixes in prefs
 that default to off, so if there have been vulnerabilities (or even
 generic memory safety hazards) in this new TLS code, fixes for them may
 not have been backported to 24ESR. We'll likely need to scan hg log of the
 NSS code to be sure of this (or at least ask people who work on NSS at
 Mozilla/Google/Redhat).

 The reason Mozilla didn't enable it in ESR is that they consider it a new
 feature and not a security fix.
 But as you said, we should check Mozilla for the reasoning, probably an
 email to them would suffice.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11253#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list