[tor-bugs] #11253 [Firefox Patch Issues]: Turn on TLS 1.1 and 1.2 in TorBrowser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Mar 23 16:13:41 UTC 2014
#11253: Turn on TLS 1.1 and 1.2 in TorBrowser
-------------------------------------+-------------------------------------
Reporter: YunoTLS | Owner: mikeperry
Type: enhancement | Status: new
Priority: critical | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-pref,
Resolution: | MikePerry201403
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Comment (by Knightly):
Replying to [comment:2 mikeperry]:
> Seems reasonable on face. My only concern is that I would actually like
to see Mozilla's reasoning for not enabling this yet (untested code? new
code with higher vulnerability surface?).
>
> Note also that Mozilla does not usually backport security fixes in prefs
that default to off, so if there have been vulnerabilities (or even
generic memory safety hazards) in this new TLS code, fixes for them may
not have been backported to 24ESR. We'll likely need to scan hg log of the
NSS code to be sure of this (or at least ask people who work on NSS at
Mozilla/Google/Redhat).
The reason Mozilla didn't enable it in ESR is that they consider it a new
feature and not a security fix.
But as you said, we should check Mozilla for the reasoning, probably an
email to them would suffice.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11253#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list