Opened 9 months ago

Last modified 8 months ago

#29252 new defect

Don't disable TLS 1.3 for update checks

Reported by: gk
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-update
Cc: mcs, brade
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

When constructing the request for the update.xml file, TLS 1.3 is disabled:

      // Disable cutting edge features, like TLS 1.3, where middleboxes might brick us
      this._request.channel.QueryInterface(Ci.nsIHttpChannelInternal).beConservative = true;

The tests on the Internet maintain that the machines behind aus1 do not support TLS 1.3 (weasel tells me our machines behind aus1 *do* support TLS 1.3). Be that as it may, we should offer TLS 1.3. (This got mentioned as part of BLRG-PT-18-007 in the Firefox updater audit (https://bugzilla.mozilla.org/attachment.cgi?id=8985197) as well.)
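
An added example, not part of the ticket or of Firefox's code: a Python check that builds a ClientHello in memory and parses its supported_versions extension to see whether the client offers TLS 1.3. The TLS 1.2 cap stands in for the effect of beConservative described above (an assumption for illustration), and the host name updates.example is constructed.

```python
import ssl

TLS13 = 0x0304  # wire value of TLS 1.3 in supported_versions

def client_hello(conservative=False):
    """Return the ClientHello record Python's ssl client would send (no network)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if conservative:
        # Assumption: stand-in for the effect in the ticket (TLS 1.3 not offered).
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="updates.example")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello is queued, client now waits for the server
    return outgoing.read()

def offered_versions(record):
    """List the versions in the ClientHello's supported_versions extension (43)."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32  # record header, handshake header, legacy_version, random
    pos += 1 + record[pos]  # legacy_session_id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + record[pos]  # legacy_compression_methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(record)):
        ext_type = int.from_bytes(record[pos:pos + 2], "big")
        ext_len = int.from_bytes(record[pos + 2:pos + 4], "big")
        body = record[pos + 4:pos + 4 + ext_len]
        if ext_type == 43:
            # Client form: 1-byte list length, then 2-byte version codes.
            return [int.from_bytes(body[i:i + 2], "big")
                    for i in range(1, 1 + body[0], 2)]
        pos += 4 + ext_len
    return []  # extension absent: the client offers TLS 1.2 at most

def offers_tls13(conservative):
    return TLS13 in offered_versions(client_hello(conservative))

if __name__ == "__main__":
    for flag in (False, True):
        print(f"conservative={flag}: offers TLS 1.3 = {offers_tls13(flag)}")
```

The same parser can be pointed at a ClientHello captured from the updater's connection to confirm what the client actually offers after a change.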

Change History (3)

comment:1 Changed 9 months ago by gk

FWIW, this got introduced in bug 1321783.

comment:2 Changed 9 months ago by gk

Keywords: tbb-updater added

comment:3 Changed 8 months ago by gk

Keywords: tbb-update added; tbb-updater removed

Renaming keyword to make it a bit broader
