Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#13586 closed defect (fixed)

Use security.ssl.disable_session_identifiers pref in meek-http-helper to restore TLS session tickets

Reported by: dcf Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: meek TorBrowserTeam201410R TorBrowserTeam201410Easy
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


comment:1:ticket:13442 shows that meek-http-helper in Tor Browser 4.0 doesn't match stock Firefox because it is missing the TLS session ticket extension. It's because of #10822 (and upstream Mozilla #917049 and #967977) which replaced one pref with another.

I've tested manually that setting security.ssl.disable_session_identifiers=false restores the missing extension. A test build with this patch has just started, but it's straightforward enough that I'll attach it now.

Child Tickets

Attachments (1)

0001-Use-the-new-security.ssl.disable_session_identifiers.patch (1.8 KB) - added by dcf 6 years ago.

Download all attachments as: .zip

Change History (5)

comment:1 Changed 6 years ago by dcf

Status: newneeds_review

comment:2 Changed 6 years ago by mikeperry

Resolution: fixed
Status: needs_reviewclosed

I merged this for the next 4.0 and also for 4.5-alpha-1 (though gitrw is down right this second, will push later).

comment:3 Changed 6 years ago by gk

This is commit 110ff7e7077c9311c33cdacb472a45fbbf490559 (maint-4.0) and commit a609ff09f7ba996ac51da49bdcef3ee796d58959 (master).

comment:4 Changed 6 years ago by dcf

I updated doc/meek#Sampleclienthellos and verified Tor Browser 4.0.2 matches with Firefox 31.

Note: See TracTickets for help on using tickets.