[tor-dev] handling TLS Session Ticket/Identifier for Android
Georg Koppen
gk at torproject.org
Tue Oct 25 13:22:00 UTC 2016
Tom Ritter:
> The info I gave you was for Tor Browser, the the latter (about session
> ID) is actually wrong. TBB disables both.
>
> https://trac.torproject.org/projects/tor/ticket/20447#ticket
> https://gitweb.torproject.org/tor-browser.git/tree/security/manager/ssl/nsNSSComponent.cpp?h=tor-browser-45.4.0esr-6.5-1#n724
>
> Also: https://trac.torproject.org/projects/tor/ticket/4099
Don't forget https://trac.torproject.org/projects/tor/ticket/17252 which
is our medium/long term plan.
I spoke about binding the TLS session resumption and ID to the URL bar
domain with some Mozilla folks a while back and they seemed to be quite
amenable to this kind of patch idea. I guess I finally should file that
bug in Mozilla's bugtracker to get it on everybody's radar...
Georg
> Core Tor also disables both also AFAICT:
> https://gitweb.torproject.org/tor.git/commit/?id=8743080a289a20bfaf0a67d6382ba0c2a6d6534d
> https://gitweb.torproject.org/tor.git/tree/src/common/tortls.c#n1164
>
> -tom
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20161025/04badc5c/attachment.sig>
More information about the tor-dev
mailing list