[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-dev] handling TLS Session Ticket/Identifier for Android
Hey all,
Since tor devs have thought about how to handle TLS Session Tickets and
Identifiers, I want to capture that approach and stick it into our
NetCipher library, which is also used in Orfox. As I understand it, the
approach is:
* disable TLS Session Tickets entirely
* reset TLS Session Identifiers on NEWNYM
Any plans to rethink this for TLS v1.3? Any other TLS tracking issues I
should be addressing in NetCipher? I'd also appreciate any references
on this topic (yes, I know how to find the relevant RFCs ;), like tor
trac tickets. My searches have come up with very little.
.hc
--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev