Opened 13 days ago

Closed 6 days ago

Last modified 5 days ago

#27535 closed defect (fixed)

TLS 1.3 is disabled in Tor Browser

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-8.0-issues, tbb-8.0.1-can, GeorgKoppen201809, TorBrowserTeam201809R
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

A blog comment (https://blog.torproject.org/comment/276830#comment-276830) indicates that we limit the TLS version to be used to 1.2. We should probably remove that limitation and support 1.3 as well.

Child Tickets

Change History (9)

comment:1 Changed 12 days ago by cypherpunks3

Technically doesn't Firefox 60 ESR only implement a draft version of TLS 1.3? That's why ticket #27141 exists.

comment:2 in reply to:  1 ; Changed 12 days ago by gk

Replying to cypherpunks3:

Technically doesn't Firefox 60 ESR only implement a draft version of TLS 1.3? That's why ticket #27141 exists.

Yes, but the bug report is "why are you only allowing TLS 1.2 and disable the draft version which ESR 60 ships as enabled". I think there is no reason to differ from Firefox here.

comment:3 Changed 9 days ago by gk

Keywords: tbb-8.0.1-can added

Marking for 8.0.1 can.

comment:4 Changed 7 days ago by gk

Keywords: GeorgKoppen201809 added

comment:5 Changed 7 days ago by gk

Keywords: TorBrowserTeam201809R added
Status: newneeds_review

bug_27535 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_27535&id=dc3519d999329f06042409786568e8e871503a92) in my public tor-browser repo has a fix for this bug up for review.

comment:6 in reply to:  2 ; Changed 7 days ago by watt

Replying to gk:

I think there is no reason to differ from Firefox here.

Sure?

comment:7 Changed 6 days ago by brade

r=brade, r=mcs
looks good.

comment:8 Changed 6 days ago by gk

Resolution: fixed
Status: needs_reviewclosed

Thanks for that. Merged to tor-browser-60.2.0esr-8.5.-1 (commit dc3519d999329f06042409786568e8e871503a92) and cherry-picked to tor-browser-60.2.0esr-8.0-1 (commit 32b4b24c4cf56b9e88c7aae60c1db5affabd99b1).

comment:9 in reply to:  6 Changed 5 days ago by watt

Draft 23 and 0rtt by default?!
Feature that was manually disabled up to Fx60 (but shipped since Fx52) is offered now to Tor Browser's users to become beta-testers or what?!

Replying to watt:

Replying to gk:

I think there is no reason to differ from Firefox here.

Sure?

https://bugzilla.mozilla.org/show_bug.cgi?id=1462099

Fuck! Tor Browser is not a toy (for some users, at least)!

Note: See TracTickets for help on using tickets.