subject:"\[tor\-bugs\] #27719 \[Applications\/Tor Browser\]\: Treat unsafe renegotiation as broken"

Re: [tor-bugs] #27719 [Applications/Tor Browser]: Treat unsafe renegotiation as broken

2018-09-15 Thread Tor Bug Tracker & Wiki

#27719: Treat unsafe renegotiation as broken
--+--
 Reporter:  cypherpunks2  |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks2):

 Replying to [comment:1 gk]:
 > Relevant Moz bugs:
 >
 > https://bugzilla.mozilla.org/show_bug.cgi?id=535649 (original discussion
 and implementation)
 > https://bugzilla.mozilla.org/show_bug.cgi?id=665859 (flip the pref to
 `true` as this bug report requests)

 The second report is over 7 years old and no progress has been made (it's
 still status NEW). It's very possible that we'll have to toggle this
 ourselves if we want to avoid trivial MITM.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27719 [Applications/Tor Browser]: Treat unsafe renegotiation as broken

2018-09-15 Thread Tor Bug Tracker & Wiki

#27719: Treat unsafe renegotiation as broken
--+--
 Reporter:  cypherpunks2  |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Relevant Moz bugs:

 https://bugzilla.mozilla.org/show_bug.cgi?id=535649 (original discussion
 and implementation)
 https://bugzilla.mozilla.org/show_bug.cgi?id=665859 (flip the pref to
 `true` as this bug report requests)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27719 [Applications/Tor Browser]: Treat unsafe renegotiation as broken

2018-09-15 Thread Tor Bug Tracker & Wiki

#27719: Treat unsafe renegotiation as broken
--+--
 Reporter:  cypherpunks2  |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Tor Browser currently has `security.ssl.treat_unsafe_negotiation_as_broken
 = false` which means that sites with unsafe renegotiation will not display
 any warnings. Unsafe renegotiation makes MITM attacks possible, so this
 setting should be changed to `true` so vulnerable sites display a warning
 (red padlock indicating broken encryption).

 See https://security.stackexchange.com/a/111922 for more information.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27719 [Applications/Tor Browser]: Treat unsafe renegotiation as broken

Re: [tor-bugs] #27719 [Applications/Tor Browser]: Treat unsafe renegotiation as broken

[tor-bugs] #27719 [Applications/Tor Browser]: Treat unsafe renegotiation as broken

3 matches

Site Navigation

Mail list logo

Footer information