2046785 - Temporarily turn off TLS token persistence

Status: RESOLVED FIXED

(Core :: Networking, defect)

Description

[Lars Eggert [:lars]]

NSS encrypts TLS tokens with an ephemeral key. That key will have rotated when we read TLS tokens back from storage on a browser restart, causing TLS resumption with those tokens to fail. Disable TLS token persistence until we can address this in NSS.

Comment 1

[Lars Eggert [:lars]]

Attachment: Bug 2046785 - Temporarily turn off TLS token persistence r=kershaw,valentin,#necko-reviewers

NSS encrypts TLS tokens with an ephemeral key. That key will have rotated when we read TLS tokens
back from storage on a browser restart, causing TLS resumption with those tokens to fail. Disable
TLS token persistence until we can address this in NSS.
modified: security/manager/ssl/nsNSSIOLayer.cpp # modified: security/nss/lib/ssl/tls13con.c #
modified: tools/netwerk/decode_ssl_tokens_cache.py #

Comment 2

[Pulsebot]

Pushed by leggert@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/321843961d13
https://hg.mozilla.org/integration/autoland/rev/da155e264dae
Temporarily turn off TLS token persistence r=kershaw,necko-reviewers,mxinden

Comment 3

[Lars Eggert [:lars]]

Attachment: Bug 2046785 - Drop loaded tokens based on user pref r=valentin,kershaw,#necko-reviewers

Init() may have dispatched a TLS token load based on the default pref.
Now that the user pref is known to disable persistence, invalidate that
load and drop any records it already inserted.

Comment 4

[Pulsebot]

Pushed by leggert@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/e6b68795285f
https://hg.mozilla.org/integration/autoland/rev/15c45b44d0c5
Drop loaded tokens based on user pref r=kershaw,necko-reviewers

Comment 5

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/da155e264dae

Comment 6

[Cristian Tuns]

https://hg.mozilla.org/mozilla-central/rev/15c45b44d0c5