#17252: Confirm TLS session resumption/ID are isolated to the URL bar domain, and re-enable them -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- | team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-linkability, ff52-esr, | Actual Points: TorBrowserTeam201711, tbb-performance | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by arthuredelstein): I just noticed that the pref "security.enable_tls_session_tickets" was removed from Firefox in 2013: https://bugzilla.mozilla.org/show_bug.cgi?id=917049. So we can definitely remove that pref from `browser/app/profile/000-tor-browser.js`. Fortunately, the pref we uplifted in 2014, "security.ssl.disable_session_identifiers" is still present in Firefox, and is [https://bugzilla.mozilla.org/show_bug.cgi?id=967977 designed to disable both session IDs and session tickets]. The question remains whether we should remove this pref as well. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17252#comment:5> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs