Opened 4 years ago

Closed 3 years ago

#20447 closed defect (duplicate)

Tor Browser Spec is not accurate regarding Session IDs

Reported by: tom Owned by: tbb-team
Priority: Very Low Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #15988 Points:
Reviewer: Sponsor:


Or at the least it's confusing. The doc says we clear Session IDs on New Identity, but then says we disable them.


From 5f5ff04e17ffc45eb0c2889ce6a71c7b2a312da7 Mon Sep 17 00:00:00 2001
From: Tom <>
Date: Mon, 24 Oct 2016 11:36:29 -0500
Subject: [PATCH] Clarify language about Session IDs (always disabled.)

 design-doc/design.xml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/design-doc/design.xml b/design-doc/design.xml
index 4ea0bff..36fa33a 100644
--- a/design-doc/design.xml
+++ b/design-doc/design.xml
@@ -1258,8 +1258,7 @@ bar origin.
      <para><command>Implementation Status:</command>

-We currently clear SSL Session IDs upon <link linkend="new-identity">New
-Identity</link>, we disable TLS Session Tickets via the Firefox Pref
+We disable TLS Session Tickets via the Firefox Pref
 <command>security.enable_tls_session_tickets</command>. We disable SSL Session
 IDs via a <ulink

Child Tickets

Change History (2)

comment:1 Changed 4 years ago by gk

Parent ID: #15988

comment:2 Changed 3 years ago by gk

Resolution: duplicate
Status: newclosed

This is included in the patch I just posted for #15988. Resolving this ticket as a duplicate.

Note: See TracTickets for help on using tickets.