Closed Bug 917049 Opened 11 years ago Closed 11 years ago

Remove the security.enable_tls_session_tickets pref

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla27

People

(Reporter: briansmith, Assigned: mjh563)

References

Details

Attachments

(1 file, 1 obsolete file)

patch for checkin
4.50 KB, patch
mjh563
: review+
Details | Diff | Splinter Review 
+++ This bug was initially created as a clone of Bug #917047 +++

There's no need for this pref any more. It was added way back when support for session tickets was a new thing in Firefox. We should remove it so that we always support session tickets.
No longer depends on: 917047
Attached patch patch (obsolete) — Splinter Review 
Assignee: nobody → mjh563
Status: NEW → ASSIGNED

        Attachment #816300 -
        Flags: review?(brian)

    
    

    
  
Comment on attachment 816300 [details] [diff] [review]
patch

Review of attachment 816300 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good to me.

        Attachment #816300 -
        Flags: review?(brian) → review+

    
    

    
  


  
Thanks. Updated the commit message to show r=keeler.

        Attachment #816300 -
        Attachment is obsolete: true

        Attachment #820524 -
        Flags: review+

    
  
Keywords: checkin-needed

    
    

    
  
Pushed this along with a bunch of other checkin-neededs to try:
https://tbpl.mozilla.org/?tree=Try&rev=503271ae46d1

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/20ee43b8e3a7
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27

    
    

    
  
Someone on IRC mentioned that this pref might still make sense for privacy reasons (also for the Tor people?):

<Hb> Bug 917049 killed the pref security.enable_tls_session_tickets. Now TLS session tickets can't be disabled any more.  Servers can now track the SSL session.  This is a privacy flaw, see https://browserprivacy.wordpress.com/2013/11/19/requiring-better-cryptography-in-firefox-and-thunderbird-breaks-update-functionality and http://almnet.de/privacy-handbuch/privacy-handbuch-html/handbuch_21m.htm


If there is a privacy implication by this, then I guess it would be worth keeping the pref so people who really care about it can turn it off. The Tor browser will do this as well I assume.
Flags: needinfo?(brian)

    
  
Whiteboard: [good first bug]

    
    

    
  
(In reply to Christian Holler (:decoder) from comment #7)
> <Hb> Bug 917049 killed the pref security.enable_tls_session_tickets. Now TLS
> session tickets can't be disabled any more.  Servers can now track the SSL
> session.  This is a privacy flaw, see
> https://browserprivacy.wordpress.com/2013/11/19/requiring-better-
> cryptography-in-firefox-and-thunderbird-breaks-update-functionality and
> http://almnet.de/privacy-handbuch/privacy-handbuch-html/handbuch_21m.htm
>
> If there is a privacy implication by this, then I guess it would be worth
> keeping the pref so people who really care about it can turn it off. The Tor
> browser will do this as well I assume.

This is a misunderstanding. Even when session tickets were disabled, Firefox still supported session resumption using session IDs, and those session IDs enable(d) exactly the same kind of tracking. If some pref to disable session tracking is needed, then we can consider that in another (new) bug--one that describes the privacy model that is sought after.
Flags: needinfo?(brian)

    
    

    
  
TLS session tickets are described in RFC 5077 (1).  Aside from privacy issues these tickets may weaken the key length and break Perfect Forward Secrecy.  This was said by Florent Daigniere (2) on Black Hat USA 2013.  In a paper (3) he concludes:

> The security implications associated with using the default settings of OpenSSL 
> can be summarized as follows: 
> -  128 bit of security is all you get (at best), regardless of the cipher 
>    which has been negotiated 
> -  The Perfect Forward Secrecy interval is likely to be more than expected –
>    the program’s lifetime in most cases (as opposed to hours like best practices 
>    would recommend) 

As far as I have understood this might be bad. I don't get the point why this option is drawn away from Firefox.


(1) RFC 5077
http://www.ietf.org/rfc/rfc5077.txt

(2) Slides
https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf

(3) Paper
https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf.
Flags: needinfo?(brian)
See Also:  → 967977

    
    

    
  
See bug 967977. We will implement a more general solution. I understand that some (maybe most) session ticket implementations need to be improved, but the same could be said for session-ID-based resumption mechanisms. We care about the privacy issues, but fixing 967977 is a better, more complete, way of addressing them.
Flags: needinfo?(brian)

    
  
Depends on: 1105551

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: