[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7189 [Tor]: Disabling TLS tickets makes us look unlike firefox



#7189: Disabling TLS tickets makes us look unlike firefox
----------------------------+-----------------------------------------------
 Reporter:  nickm           |          Owner:                    
     Type:  defect          |         Status:  new               
 Priority:  major           |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor             |        Version:                    
 Keywords:  tor-client tls  |         Parent:                    
   Points:                  |   Actualpoints:                    
----------------------------+-----------------------------------------------

Comment(by arma):

 Replying to [ticket:7189 nickm]:
 > This is a nontrivial decision to make.  If a client says that it
 supports TLS tickets, and it is talking to an older Tor server that hasn't
 disabled them, it will get degraded PFS.  But if a client doesn't say it
 supports TLS tickets, it will apparently be more distinguishable.

 I'm not too worried about older Tors -- they will become more scarce over
 time.

 > We backported #7139 to the 0.2.2 branch; any fix here should get
 backported too.

 0.2.2 still uses the old (Firefox 3) cipher suite. So I'm not convinced
 this is true.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7189#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs