Opened 3 years ago

Closed 2 years ago

#20447 closed defect (duplicate)

Tor Browser Spec is not accurate regarding Session IDs

Reported by: tom Owned by: tbb-team
Priority: Very Low Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #15988 Points:
Reviewer: Sponsor:

Description

Or at the least it's confusing. The doc says we clear Session IDs on New Identity, but then says we disable them.

Patch:

From 5f5ff04e17ffc45eb0c2889ce6a71c7b2a312da7 Mon Sep 17 00:00:00 2001
From: Tom <tom@ritter.vg>
Date: Mon, 24 Oct 2016 11:36:29 -0500
Subject: [PATCH] Clarify language about Session IDs (always disabled.)

---
 design-doc/design.xml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/design-doc/design.xml b/design-doc/design.xml
index 4ea0bff..36fa33a 100644
--- a/design-doc/design.xml
+++ b/design-doc/design.xml
@@ -1258,8 +1258,7 @@ bar origin.
      </para>
      <para><command>Implementation Status:</command>

-We currently clear SSL Session IDs upon <link linkend="new-identity">New
-Identity</link>, we disable TLS Session Tickets via the Firefox Pref
+We disable TLS Session Tickets via the Firefox Pref
 <command>security.enable_tls_session_tickets</command>. We disable SSL Session
 IDs via a <ulink
 url="https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-31.6.0esr-4.5-1&amp;id=a01fb747d4b8b24687de538cb6a1304fe27d9d88">patch
--
2.10.1

Child Tickets

Change History (2)

comment:1 Changed 3 years ago by gk

Parent ID: #15988

comment:2 Changed 2 years ago by gk

Resolution: duplicate
Status: newclosed

This is included in the patch I just posted for #15988. Resolving this ticket as a duplicate.

Note: See TracTickets for help on using tickets.