[tor-bugs] #4099 [Tor Browser]: Disable TLS session resumption and HTTP keep-alive
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Oct 20 02:02:50 UTC 2011
#4099: Disable TLS session resumption and HTTP keep-alive
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor Browser | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by ioerror):
Here's my patch for reducing SSL session linkability:
{{{
diff --git a/src/chrome/content/torbutton.js
b/src/chrome/content/torbutton.js
index 966e574..18fcee0 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -1949,6 +1949,10 @@ function torbutton_update_status(mode,
force_update) {
!m_tb_prefs.getBoolPref("security.enable_ssl2"));
}
+ // Disable ssl session identifiers
+ // https://trac.torproject.org/projects/tor/ticket/4099
+ m_tb_prefs.setBoolPref("security.enable_tls_session_tickets", false);
+
// This clears the OCSP cache.
//
// nsNSSComponent::Observe() watches security.OCSP.enabled, which
calls
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4099#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list