Tom Ritter: > The info I gave you was for Tor Browser, the the latter (about session > ID) is actually wrong. TBB disables both. > > https://trac.torproject.org/projects/tor/ticket/20447#ticket > https://gitweb.torproject.org/tor-browser.git/tree/security/manager/ssl/nsNSSComponent.cpp?h=tor-browser-45.4.0esr-6.5-1#n724 > > Also: https://trac.torproject.org/projects/tor/ticket/4099 Don't forget https://trac.torproject.org/projects/tor/ticket/17252 which is our medium/long term plan. I spoke about binding the TLS session resumption and ID to the URL bar domain with some Mozilla folks a while back and they seemed to be quite amenable to this kind of patch idea. I guess I finally should file that bug in Mozilla's bugtracker to get it on everybody's radar... Georg > Core Tor also disables both also AFAICT: > https://gitweb.torproject.org/tor.git/commit/?id=8743080a289a20bfaf0a67d6382ba0c2a6d6534d > https://gitweb.torproject.org/tor.git/tree/src/common/tortls.c#n1164 > > -tom > _______________________________________________ > tor-dev mailing list > tor-dev@xxxxxxxxxxxxxxxxxxxx > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev >
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev