Confirm TLS session resumption/ID are isolated to the URL bar domain, and re-enable them

In #4099 (closed) we disabled both TLS session resumption and session IDs due to tracking risks. We should bind them to the URL bar domain instead if that is possible.

added TorBrowserTeam201808R component::applications/tor browser ff60-esr owner::tbb-team priority::high resolution::fixed severity::normal status::closed tbb-linkability tbb-performance type::enhancement labels

See https://bugzilla.mozilla.org/show_bug.cgi?id=1316283.

Trac:
Username: jhao
Severity: N/A to Normal
Reviewer: N/A to N/A

That made it into ESR52 it seems. Let's check whether it is working as we want when we transtition to ESR52 and let's think about enabling both again then.

Trac:
Keywords: N/A deleted, ff52-esr added

SSL session tickets and session IDs would be very nice to re-enable now if we can, given that every TLS handshake takes two round trips, a big performance penalty when using the tor network.

Trac:
Summary: Isolate TLS session resumption/ID to the URL bar domain to Confirm TLS session resumption/ID are isolated to the URL bar domain, and re-enable them
Keywords: N/A deleted, TorBrowserTeam201711, tbb-performance added

Trac:
Cc: N/A to arthuredelstein

I just noticed that the pref "security.enable_tls_session_tickets" was removed from Firefox in 2013: https://bugzilla.mozilla.org/show_bug.cgi?id=917049. So we can definitely remove that pref from browser/app/profile/000-tor-browser.js.

Fortunately, the pref we uplifted in 2014, "security.ssl.disable_session_identifiers" is still present in Firefox, and is designed to disable both session IDs and session tickets. The question remains whether we should remove this pref as well.

Moving tickets to December 2017

Moving tickets to December 2017, for realz.

Trac:
Keywords: TorBrowserTeam201711 deleted, TorBrowserTeam201712 added

Moving tickets to 2018.

Trac:
Keywords: TorBrowserTeam201712 deleted, TorBrowserTeam201801 added

Moving tickets to Feb

Trac:
Keywords: TorBrowserTeam201801 deleted, TorBrowserTeam201802 added

Adding to our March plate.

Trac:
Keywords: TorBrowserTeam201802 deleted, TorBrowserTeam201803 added

Moving our tickets to April.

Trac:
Keywords: TorBrowserTeam201803 deleted, TorBrowserTeam201804 added

Moving remaining tickets to May.

Trac:
Keywords: TorBrowserTeam201804 deleted, TorBrowserTeam201805 added

#26218 (moved) is a duplicate.

Trac:
Keywords: ff52-esr deleted, ff60-esr added

Moving our tickets to June 2018

Trac:
Keywords: TorBrowserTeam201805 deleted, TorBrowserTeam201806 added

More tickets for July.

Trac:
Keywords: TorBrowserTeam201806 deleted, TorBrowserTeam201807 added

Trac:
Priority: Medium to High

Move our tickets to August.

Trac:
Keywords: TorBrowserTeam201807 deleted, TorBrowserTeam201808 added

Jonathan Hao at Mozilla implemented FPI (OriginAttribute isolation) of session identifiers and session tickets in https://hg.mozilla.org/mozilla-central/rev/9aba8184664d. That patch includes unit tests to show that isolation is effective when "privacy.firstparty.isolate" is enabled.

I also reviewed the code to understand it better:

Each session ticket or session identifier is stored in an instance of the same sslSessionID struct: https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/security/nss/lib/ssl/sslimpl.h#462

sslSessionID instances are stored in the session cache, keyed by a peerID string: https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/security/nss/lib/ssl/sslnonce.c#285

The security manager sets the peerID string to include OriginAttributes suffix from the socket: https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/security/manager/ssl/nsNSSIOLayer.cpp#2709

Therefore we can be confident that session tickets/identifiers are isolated by first party. So here's my patch for review (applied on top of my proposed #14952 (moved) patch):

https://github.com/arthuredelstein/tor-browser/commit/17252

Trac:
Keywords: TorBrowserTeam201808 deleted, TorBrowserTeam201808R added

Looks good. I cherry-picked the patch on top of tor-browser-60.1.0esr-8.0-1 (commit 975b6f238bf21fc0e567f7622871a3f55722913d).

Trac:
Status: new to closed
Resolution: N/A to fixed