[tor-bugs] #13586 [Tor Browser]: Use security.ssl.disable_session_identifiers pref in meek-http-helper to restore TLS session tickets

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Oct 26 19:19:44 UTC 2014


#13586: Use security.ssl.disable_session_identifiers pref in meek-http-helper to
restore TLS session tickets
-------------------------------------------------+-------------------------
 Reporter:  dcf                                  |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  normal                               |         Status:  new
Component:  Tor Browser                          |      Milestone:
 Keywords:  meek TorBrowserTeam201410R           |        Version:
  TorBrowserTeam201410Easy                       |  Actual Points:
Parent ID:                                       |         Points:
-------------------------------------------------+-------------------------
 comment:1:ticket:13442 shows that meek-http-helper in Tor Browser 4.0
 doesn't match stock Firefox because it is missing the TLS session ticket
 extension. It's because of #10822 (and upstream Mozilla
 [https://bugzilla.mozilla.org/show_bug.cgi?id=917049 #917049] and
 [https://bugzilla.mozilla.org/show_bug.cgi?id=967977 #967977]) which
 replaced one pref with another.

 I've tested manually that setting
 `security.ssl.disable_session_identifiers=false` restores the missing
 extension. A test build with this patch has just started, but it's
 straightforward enough that I'll attach it now.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13586>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list