Disable logging of TLS/SSL key material by default in Tor Browser
We should think about backporting the fix for https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 as another defense-in-depth measure.
Activity
bug_18885 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_18885) has a possible backport for us up for review.
Trac:
Keywords: TorBrowserTeam201605 deleted, TorBrowserTeam201605R added
Status: assigned to needs_review-
Fixed in commit f5c58c88029648b608d75cdb06d82b06f0d30953. I actually doubt Mozilla is tweaking the patch more. In fact, curiously, Firefox is not even using it as the necko people and others got their pitchforks out and argued they needed that feature for debugging purposes even in optimized, non-debug builds. But in NSS it is still there.
Trac:
Resolution: N/A to fixed
Status: needs_review to closed 
Replying to gk:
Fixed in commit f5c58c88029648b608d75cdb06d82b06f0d30953. I actually doubt Mozilla is tweaking the patch more. In fact, curiously, Firefox is not even using it as the necko people and others got their pitchforks out and argued they needed that feature for debugging purposes even in optimized, non-debug builds. But in NSS it is still there.
Interesting. I guess I did not read the Bugzilla bug carefully and thought the fix was still pending on the NSS side (I think I saw https://bugzilla.mozilla.org/show_bug.cgi?id=1183318#c35 while reading in newest-to-oldest comment order and missed the fact that the status is RESOLVED FIXED). So never mind.
mentioned in issue #20680 (moved)
mentioned in issue #21849 (moved)
mentioned in issue tpo/applications/tor-browser#21849 (closed)