Opened 3 years ago

Closed 4 days ago

#17252 closed enhancement (fixed)

Confirm TLS session resumption/ID are isolated to the URL bar domain, and re-enable them

Reported by: gk
Owned by: tbb-team
Priority: High
Component: Applications/Tor Browser
Severity: Normal
Keywords: tbb-linkability, ff60-esr, tbb-performance, TorBrowserTeam201808R
Cc: arthuredelstein

Description

In #4099 we disabled both TLS session resumption and session IDs due to tracking risks. We should bind them to the URL bar domain instead if that is possible.

Change History (19)

comment:2 Changed 21 months ago by gk

Keywords: ff52-esr added

That made it into ESR52 it seems. Let's check whether it is working as we want when we transition to ESR52 and let's think about enabling both again then.

comment:3 Changed 10 months ago by arthuredelstein

Keywords: TorBrowserTeam201711 tbb-performance added
Summary: changed from "Isolate TLS session resumption/ID to the URL bar domain" to "Confirm TLS session resumption/ID are isolated to the URL bar domain, and re-enable them"

SSL session tickets and session IDs would be very nice to re-enable now if we can, given that every TLS handshake takes two round trips, a big performance penalty when using the tor network.

comment:4 Changed 10 months ago by arthuredelstein

Cc: arthuredelstein added

comment:5 Changed 9 months ago by arthuredelstein

I just noticed that the pref "security.enable_tls_session_tickets" was removed from Firefox in 2013: https://bugzilla.mozilla.org/show_bug.cgi?id=917049. So we can definitely remove that pref from browser/app/profile/000-tor-browser.js.

Fortunately, the pref we uplifted in 2014, "security.ssl.disable_session_identifiers" is still present in Firefox, and is designed to disable both session IDs and session tickets. The question remains whether we should remove this pref as well.

comment:6 Changed 8 months ago by gk

Moving tickets to December 2017

comment:7 Changed 8 months ago by gk

Keywords: TorBrowserTeam201712 added; TorBrowserTeam201711 removed

Moving tickets to December 2017, for realz.

comment:8 Changed 7 months ago by gk

Keywords: TorBrowserTeam201801 added; TorBrowserTeam201712 removed

Moving tickets to 2018.

comment:9 Changed 6 months ago by gk

Keywords: TorBrowserTeam201802 added; TorBrowserTeam201801 removed

Moving tickets to Feb

comment:10 Changed 5 months ago by gk

Keywords: TorBrowserTeam201803 added; TorBrowserTeam201802 removed

Adding to our March plate.

comment:11 Changed 4 months ago by gk

Keywords: TorBrowserTeam201804 added; TorBrowserTeam201803 removed

Moving our tickets to April.

comment:12 Changed 3 months ago by gk

Keywords: TorBrowserTeam201805 added; TorBrowserTeam201804 removed

Moving remaining tickets to May.

comment:13 Changed 3 months ago by gk

Keywords: ff60-esr added; ff52-esr removed

#26218 is a duplicate.

comment:14 Changed 2 months ago by gk

Keywords: TorBrowserTeam201806 added; TorBrowserTeam201805 removed

Moving our tickets to June 2018

comment:15 Changed 6 weeks ago by gk

Keywords: TorBrowserTeam201807 added; TorBrowserTeam201806 removed

More tickets for July.

comment:16 Changed 6 weeks ago by gk

Priority: changed from Medium to High

comment:17 Changed 2 weeks ago by gk

Keywords: TorBrowserTeam201808 added; TorBrowserTeam201807 removed

Move our tickets to August.

comment:18 Changed 7 days ago by arthuredelstein

Keywords: TorBrowserTeam201808R added; TorBrowserTeam201808 removed

Jonathan Hao at Mozilla implemented FPI (OriginAttribute isolation) of session identifiers and session tickets in https://hg.mozilla.org/mozilla-central/rev/9aba8184664d. That patch includes unit tests to show that isolation is effective when "privacy.firstparty.isolate" is enabled.

I also reviewed the code to understand it better:

Each session ticket or session identifier is stored in an instance of the same sslSessionID struct:
https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/security/nss/lib/ssl/sslimpl.h#462

sslSessionID instances are stored in the session cache, keyed by a peerID string:
https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/security/nss/lib/ssl/sslnonce.c#285

The security manager sets the peerID string to include OriginAttributes suffix from the socket:
https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/security/manager/ssl/nsNSSIOLayer.cpp#2709

Therefore we can be confident that session tickets/identifiers are isolated by first party. So here's my patch for review (applied on top of my proposed #14952 patch):

https://github.com/arthuredelstein/tor-browser/commit/17252

Last edited 7 days ago by arthuredelstein
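
The keying described in comment:18, as an added example that is not part of the ticket and is not NSS or Firefox code: a toy session cache in C whose lookup key is a peerID string, built with and without a first-party suffix. The key layout, the suffix text, the host names and the ticket numbers are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define SLOTS 8
#define KEY_LEN 160

/* Toy session cache: one resumable session per peerID string (not NSS code). */
struct entry { char peer_id[KEY_LEN]; int ticket; int used; };
static struct entry cache[SLOTS];

static void cache_reset(void) { memset(cache, 0, sizeof cache); }

/* Build the cache key (layout assumed); with isolate set, the first party is in it. */
static void make_peer_id(char *out, size_t n, const char *first_party,
                         const char *host, int port, int isolate)
{
    if (isolate)
        snprintf(out, n, "^firstPartyDomain=%s:%s:%d", first_party, host, port);
    else
        snprintf(out, n, "%s:%d", host, port);
}

/* One TLS connection: returns the ticket offered for resumption, or -1 when
   nothing is cached under this key (the newly issued ticket is then stored). */
static int connect_tls(const char *first_party, const char *host, int port,
                       int isolate, int issued_ticket)
{
    char id[KEY_LEN];
    int i;
    make_peer_id(id, sizeof id, first_party, host, port, isolate);
    for (i = 0; i < SLOTS; i++)
        if (cache[i].used && strcmp(cache[i].peer_id, id) == 0)
            return cache[i].ticket;          /* resumption: server sees old ticket */
    for (i = 0; i < SLOTS && cache[i].used; i++) ;
    if (i < SLOTS) {                         /* full handshake, remember new ticket */
        snprintf(cache[i].peer_id, KEY_LEN, "%s", id);
        cache[i].ticket = issued_ticket;
        cache[i].used = 1;
    }
    return -1;
}

int main(void)
{
    for (int iso = 1; iso >= 0; iso--) {
        cache_reset();
        connect_tls("news.example", "cdn.example", 443, iso, 101);
        printf("isolate=%d: ticket offered under shop.example = %d\n", iso,
               connect_tls("shop.example", "cdn.example", 443, iso, 102));
    }
    return 0;
}
```

With the suffix in the key, the third-party host gets a full handshake under each first party and cannot link the two visits through resumption; without it, the ticket issued under one site is offered under the other.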

comment:19 Changed 4 days ago by gk

Resolution: fixed
Status: changed from new to closed

Looks good. I cherry-picked the patch on top of tor-browser-60.1.0esr-8.0-1 (commit 975b6f238bf21fc0e567f7622871a3f55722913d).