Closed Bug 448747 Opened 12 years ago Closed 9 years ago

Provide Mechanism to clear TLS Session IDs

Categories

(Core :: Security: PSM, enhancement)

x86
Windows XP
enhancement
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: mikeperry.unused, Unassigned)

Details

In Bug 405652, it was mentioned that TLS Session IDs can persist for an indefinite duration, providing an identifier that is sent to TLS sites that can be used to link activity. This is particularly troublesome now that we have certificate verification in place. Even when using an anonymity network such as Tor with Torbutton, the OCSP server can use this identifier to build a history of TLS sites someone visits, and also correlate their activity as they move from network to network (such as home to work to coffee shop, etc).

In addition, for the 'Private Mode' feature discussed in Bug 248970, it would be nice not to transmit any identifier to say gmail after entering in to this mode.

Ideally this would happen on the 'cookie-changed' observer event, which is also used as the trigger to clear out the (identifying) keys used by the Safe Browsing code. However, it is probably not possible for NSS to listen for this event. Perhaps a call could be exposed that some component of Firefox could invoke upon receiving the 'cookie-changed' event itself?
Assignee: nobody → kaie
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
The NSS function to do this is SSL_ClearSessionCache.
PSM already calls it in numerous places.  See a list of them at
http://mxr.mozilla.org/security/search?string=SSL_ClearSessionCache&find=manager

So, perhaps there is no need for additional development here, but only 
documenting the different ways that this gets called.
As a note, the hack we use to deal with this in torbutton is to toggle security.enable_ssl2, which 
clears the cache via the pref listener at http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsNSSComponent.cpp#2134
Flags: blocking1.9.0.19?
Flags: blocking1.9.0.19?
The SeaMonkey user interface used to have a "logout" functionality.

I would hope that Firefox' "clear private data" functionality is linked to the described clearing of the session cache. If not, it should.


Mike, can you please try to use "clear private data (clear recent history)", then "details", then "active logins"? Does that clear it?
Assignee: kaie → nobody
Ok, I understand better what you want.

You're not talking about "interactive logout triggered by the user", but rather a mechanism to clear the data from within the code level.

If you're at the extension level, you can probably access nsICrypto::Logout() to flush it.

If you don't like the logout sideeffects, we could introduce a new JavaScript-level event that triggers the clearing of the session cache. A good place to watch for that is nsNSSComponent::Observe().

I think a new event should be introduced. I don't like the idea to do it together with cookie-changed event.
nsIDOMCrypto::Logout() now works for this. However, there are more bits of state in TLS we need to fix, but I'll file other bugs for those.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.