[tor-dev] handling TLS Session Ticket/Identifier for Android

Hans-Christoph Steiner hans at guardianproject.info
Mon Oct 24 16:29:28 UTC 2016

Hey all,

Since tor devs have thought about how to handle TLS Session Tickets and
Identifiers, I want to capture that approach and stick it into our
NetCipher library, which is also used in Orfox.  As I understand it, the
approach is:

* disable TLS Session Tickets entirely
* reset TLS Session Identifiers on NEWNYM

Any plans to rethink this for TLS v1.3?  Any other TLS tracking issues I
should be addressing in NetCipher?  I'd also appreciate any references
on this topic (yes, I know how to find the relevant RFCs ;), like tor
trac tickets.  My searches have come up with very little.


PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556

More information about the tor-dev mailing list