TLS 1.3 is disabled in Tor Browser
A blog comment (https://blog.torproject.org/comment/276830#comment-276830) indicates that we limit the TLS version to be used to 1.2. We should probably remove that limitation and support 1.3 as well.
Activity
Technically doesn't Firefox 60 ESR only implement a draft version of TLS 1.3? That's why ticket #27141 (moved) exists.
Replying to cypherpunks3:
Technically doesn't Firefox 60 ESR only implement a draft version of TLS 1.3? That's why ticket #27141 (moved) exists.
Yes, but the bug report is "why are you only allowing TLS 1.2 and disable the draft version which ESR 60 ships as enabled". I think there is no reason to differ from Firefox here.
-
bug_27535(https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_27535&id=dc3519d999329f06042409786568e8e871503a92) in my public tor-browser repo has a fix for this bug up for review.Trac:
Keywords: N/A deleted, TorBrowserTeam201809R added
Status: new to needs_review 
-
Draft 23 and 0rtt by default?! Feature that was manually disabled up to Fx60 (but shipped since Fx52) is offered now to Tor Browser's users to become beta-testers or what?!
Replying to watt:
Replying to gk:
I think there is no reason to differ from Firefox here. Sure? https://bugzilla.mozilla.org/show_bug.cgi?id=1462099
Fuck! Tor Browser is not a toy (for some users, at least)!
Trac:
Username: watt mentioned in issue #27681 (moved)
mentioned in issue #27848 (moved)
mentioned in issue #28904 (moved)
