Opened 2 months ago

Last modified 2 months ago

#27719 new enhancement

Treat unsafe renegotiation as broken

Reported by: cypherpunks2 Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tor Browser currently has security.ssl.treat_unsafe_negotiation_as_broken = false which means that sites with unsafe renegotiation will not display any warnings. Unsafe renegotiation makes MITM attacks possible, so this setting should be changed to true so vulnerable sites display a warning (red padlock indicating broken encryption).

See https://security.stackexchange.com/a/111922 for more information.

Child Tickets

Change History (2)

comment:1 Changed 2 months ago by gk

Relevant Moz bugs:

https://bugzilla.mozilla.org/show_bug.cgi?id=535649 (original discussion and implementation)
https://bugzilla.mozilla.org/show_bug.cgi?id=665859 (flip the pref to true as this bug report requests)

comment:2 in reply to:  1 Changed 2 months ago by cypherpunks2

Replying to gk:

Relevant Moz bugs:

https://bugzilla.mozilla.org/show_bug.cgi?id=535649 (original discussion and implementation)
https://bugzilla.mozilla.org/show_bug.cgi?id=665859 (flip the pref to true as this bug report requests)

The second report is over 7 years old and no progress has been made (it's still status NEW). It's very possible that we'll have to toggle this ourselves if we want to avoid trivial MITM. I mean, only enabling JavaScript on sites with TLS is a little odd if the exit node can still read and inject arbitrary data for a non-negligible number (around 2%!) of those connections without even so much as a warning appearing to the user.

Last edited 2 months ago by cypherpunks2 (previous) (diff)
Note: See TracTickets for help on using tickets.