[tor-bugs] #28536 [Core Tor]: SuperCookie Built Into TLS 1.2 and 1.3

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 20 11:58:28 UTC 2018


#28536: SuperCookie Built Into TLS 1.2 and 1.3
-----------------------+--------------------------
 Reporter:  heyjoe     |          Owner:  (none)
     Type:  defect     |         Status:  new
 Priority:  Very High  |      Component:  Core Tor
  Version:             |       Severity:  Normal
 Keywords:             |  Actual Points:
Parent ID:             |         Points:
 Reviewer:             |        Sponsor:
-----------------------+--------------------------
 https://soylentnews.org/article.pl?sid=18/11/20/0326226

 https://www.privateinternetaccess.com/blog/2018/11/supercookey-a
 -supercookie-built-into-tls-1-2-and-1-3/

 Proposed 'about:config' mitigation:


 security.tls.enable_0rtt_data   existing key    false
 security.ssl.disable_session_identifiers        create new key  true
 privacy.firstparty.isolate      existing key    true
 security.ssl.enable_false_start existing key    false

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28536>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list