[tor-bugs] #27719 [Applications/Tor Browser]: Treat unsafe renegotiation as broken

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Sep 15 06:16:05 UTC 2018


#27719: Treat unsafe renegotiation as broken
------------------------------------------+----------------------
     Reporter:  cypherpunks2              |      Owner:  tbb-team
         Type:  enhancement               |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 Tor Browser currently has `security.ssl.treat_unsafe_negotiation_as_broken
 = false` which means that sites with unsafe renegotiation will not display
 any warnings. Unsafe renegotiation makes MITM attacks possible, so this
 setting should be changed to `true` so vulnerable sites display a warning
 (red padlock indicating broken encryption).

 See https://security.stackexchange.com/a/111922 for more information.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27719>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list