[tor-bugs] #27719 [Applications/Tor Browser]: Treat unsafe renegotiation as broken
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Sep 15 06:16:05 UTC 2018
#27719: Treat unsafe renegotiation as broken
------------------------------------------+----------------------
Reporter: cypherpunks2 | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
Tor Browser currently has `security.ssl.treat_unsafe_negotiation_as_broken
= false` which means that sites with unsafe renegotiation will not display
any warnings. Unsafe renegotiation makes MITM attacks possible, so this
setting should be changed to `true` so vulnerable sites display a warning
(red padlock indicating broken encryption).
See https://security.stackexchange.com/a/111922 for more information.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27719>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list