[tor-bugs] #28536 [Core Tor]: SuperCookie Built Into TLS 1.2 and 1.3
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 20 11:58:28 UTC 2018
#28536: SuperCookie Built Into TLS 1.2 and 1.3
-----------------------+--------------------------
Reporter: heyjoe | Owner: (none)
Type: defect | Status: new
Priority: Very High | Component: Core Tor
Version: | Severity: Normal
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------+--------------------------
https://soylentnews.org/article.pl?sid=18/11/20/0326226
https://www.privateinternetaccess.com/blog/2018/11/supercookey-a
-supercookie-built-into-tls-1-2-and-1-3/
Proposed 'about:config' mitigation:
security.tls.enable_0rtt_data existing key false
security.ssl.disable_session_identifiers create new key true
privacy.firstparty.isolate existing key true
security.ssl.enable_false_start existing key false
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28536>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list