[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser-bundle/master] Set security.tls.version.max=1 in meek-http-helper.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx, tbb-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor-browser-bundle/master] Set security.tls.version.max=1 in meek-http-helper.
From: gk@xxxxxxxxxxxxxx
Date: Thu, 21 Aug 2014 09:03:55 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 21 Aug 2014 05:04:08 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: David Fifield <david@xxxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 3c581f8426f4fd477eb26d2893dbdec42d76e23d
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date:   Fri Aug 15 18:02:53 2014 -0700

    Set security.tls.version.max=1 in meek-http-helper.
    
    #11253 set security.tls.version.max=3 (i.e., TLSv1.2).
    We need to set it back to 1 (TLSv1.0) in the helper, or else we look
    unlike an ordinary installation of Firefox 24.
    
    https://trac.torproject.org/projects/tor/ticket/12766
---
 Bundle-Data/PTConfigs/meek-http-helper-user.js |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Bundle-Data/PTConfigs/meek-http-helper-user.js b/Bundle-Data/PTConfigs/meek-http-helper-user.js
index cddc237..26fd819 100644
--- a/Bundle-Data/PTConfigs/meek-http-helper-user.js
+++ b/Bundle-Data/PTConfigs/meek-http-helper-user.js
@@ -4,6 +4,14 @@
 // to stdout.
 user_pref("browser.dom.window.dump.enabled", true);
 
+// Make TLSv1.0 the maximum TLS version, as in stock Firefox 24. Since #11253,
+// Tor Browser overrides the maximum to TLSv1.2, which would cause us to look
+// unlike ordinary Firefox 24.
+// https://trac.torproject.org/projects/tor/ticket/11253
+// https://trac.torproject.org/projects/tor/ticket/12766
+// http://kb.mozillazine.org/Security.tls.version.*
+user_pref("security.tls.version.max", 1);
+
 // Enable TLS session tickets (disabled by default in Tor Browser). Otherwise
 // there is a missing TLS extension.
 // https://trac.torproject.org/projects/tor/ticket/11183#comment:9

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor-browser-bundle/master] We want to have nightlies with the new OpenSSL.
Next by Author: [tor-commits] [tor-browser-bundle/master] Bumping OpenSSL without its hash does not fly.
Previous by thread: [tor-commits] [bridgedb/develop] Add unittests for bridgedb.bridgerequest.
Next by thread: [tor-commits] [translation/tails-iuk_completed] Update translations for tails-iuk_completed
Index(es):
- Author
- Thread