[tbb-commits] [tor-browser-bundle/master] Set security.tls.version.max=1 in meek-http-helper.

gk at torproject.org gk at torproject.org
Thu Aug 21 09:03:55 UTC 2014


commit 3c581f8426f4fd477eb26d2893dbdec42d76e23d
Author: David Fifield <david at bamsoftware.com>
Date:   Fri Aug 15 18:02:53 2014 -0700

    Set security.tls.version.max=1 in meek-http-helper.
    
    #11253 set security.tls.version.max=3 (i.e., TLSv1.2).
    We need to set it back to 1 (TLSv1.0) in the helper, or else we look
    unlike an ordinary installation of Firefox 24.
    
    https://trac.torproject.org/projects/tor/ticket/12766
---
 Bundle-Data/PTConfigs/meek-http-helper-user.js |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Bundle-Data/PTConfigs/meek-http-helper-user.js b/Bundle-Data/PTConfigs/meek-http-helper-user.js
index cddc237..26fd819 100644
--- a/Bundle-Data/PTConfigs/meek-http-helper-user.js
+++ b/Bundle-Data/PTConfigs/meek-http-helper-user.js
@@ -4,6 +4,14 @@
 // to stdout.
 user_pref("browser.dom.window.dump.enabled", true);
 
+// Make TLSv1.0 the maximum TLS version, as in stock Firefox 24. Since #11253,
+// Tor Browser overrides the maximum to TLSv1.2, which would cause us to look
+// unlike ordinary Firefox 24.
+// https://trac.torproject.org/projects/tor/ticket/11253
+// https://trac.torproject.org/projects/tor/ticket/12766
+// http://kb.mozillazine.org/Security.tls.version.*
+user_pref("security.tls.version.max", 1);
+
 // Enable TLS session tickets (disabled by default in Tor Browser). Otherwise
 // there is a missing TLS extension.
 // https://trac.torproject.org/projects/tor/ticket/11183#comment:9



More information about the tbb-commits mailing list