Opened 18 months ago

Last modified 18 months ago

#29252 new defect

Don't disable TLS 1.3 for update checks

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-update
Cc: mcs, brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


When constructing the request for the update.xml file TLS 1.3 is disabled:

      // Disable cutting edge features, like TLS 1.3, where middleboxes might brick us = true;

The tests on the Internet maintain that the machines behind aus1 do not support TLS 1.3 (weasel tells me our machines behind aus1 *do* support TLS 1.3). Be that as it may, we should offer TLS 1.3. (This got mentioned as part of BLRG-PT-18-007 in the Firefox updater audit ( as well).

Child Tickets

Change History (3)

comment:1 Changed 18 months ago by gk

FWIW, this got introduced in bug 1321783.

comment:2 Changed 18 months ago by gk

Keywords: tbb-updater added

comment:3 Changed 18 months ago by gk

Keywords: tbb-update added; tbb-updater removed

Renaming keyword to make it a bit broader

Note: See TracTickets for help on using tickets.