967977 - Add a pref to disable SSL Session cache (Disable sending session IDs and sending session tickets)

Status: RESOLVED FIXED

Description

[Mike Perry]

Attachment: Draft patch to disable session ids (needs pref)

There is a pref to disable TLS session tickets (security.enable_tls_session_tickets), but there is no corresponding pref for SSL3 Session IDs.

In Tor Browser, we simply patched NSS directly to hardcode them to off, as we do not want to enable the additional tracking facilitated by these identifiers.

This patch is against FF24ESR.

Comment 1

[Justin Dolske [:Dolske]]

Mike: are you working with anyone in Mozilla to help shepherd these TOR patches through? If not, you'll have much better success by getting bugs files in the right components and requesting explicit review/feedback/needinfo from an appropriate peer.

Comment 2

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

(In reply to Mike Perry from comment #0)
> There is a pref to disable TLS session tickets
> (security.enable_tls_session_tickets),

That pref was removed. See bug 917049.

Comment 3

[Arthur Edelstein [:arthur]]

Attachment: Add a pref to disable trackable SSL session identifiers

I'm posting a patch that provides a pref for disabling both SSL session IDs and session tickets. I hope it matches what was envisioned in the comment at https://bugzilla.mozilla.org/show_bug.cgi?id=917049#c10

Comment 4

[Dana Keeler (she/her) (use needinfo) (:keeler for reviews)]

Comment on attachment 8485269 [details] [diff] [review]
Add a pref to disable trackable SSL session identifiers

Review of attachment 8485269 [details] [diff] [review]:
-----------------------------------------------------------------

Looks reasonable. I'd like to see the final version, so r- for now.

::: netwerk/base/public/security-prefs.js
@@ +17,5 @@
>  pref("security.ssl.enable_npn", true);
>  pref("security.ssl.enable_alpn", true);
> +// If set to true, disables sending SSL3 Session IDs and TLS Session Tickets,
> +// to prevent session tracking:
> +pref("security.ssl.disable_session_identifiers", false);

Let's not put this here - that way, it's a hidden pref that nobody will enable by accident and slow down their TLS connections.

::: security/manager/ssl/src/nsNSSComponent.cpp
@@ +701,4 @@
>  static const bool FALSE_START_ENABLED_DEFAULT = true;
>  static const bool NPN_ENABLED_DEFAULT = true;
>  static const bool ALPN_ENABLED_DEFAULT = false;
> +static const bool DISABLE_SESSION_IDENTIFIERS_DEFAULT = false;

Since this is only used once, we don't need to have a separate variable for it - just pass false to Preferences::GetBool

@@ +703,5 @@
>  static const bool ALPN_ENABLED_DEFAULT = false;
> +static const bool DISABLE_SESSION_IDENTIFIERS_DEFAULT = false;
> +
> +static void
> +UpdateSessionIdentifiersDefaults()

How about something like "ConfigureTLSSessionIdentifiers"?

Comment 5

[Dana Keeler (she/her) (use needinfo) (:keeler for reviews)]

mcmanus, are there other TLS features that are enabled by default that would allow tracking users? (The aim of this bug is to add an option that would prevent that sort of thing.)

Comment 6

[Arthur Edelstein [:arthur]]

Attachment: Add a pref to disable trackable SSL session identifiers, v. 2

Thanks for the review. Here's a corrected version of the patch. I agree it would also be good to disable any other trackable aspects of SSL/TLS with this pref, if possible.

Comment 7

[Patrick McManus [:mcmanus]]

(In reply to David Keeler (:keeler) [use needinfo?] from comment #5)
> mcmanus, are there other TLS features that are enabled by default that would
> allow tracking users? (The aim of this bug is to add an option that would
> prevent that sort of thing.)

sure - at various levels of granularity. None as extreme as session tickets. Anything that keeps state, right?

some that come to mind:
* the version intolerance cache
* our false start behavior involves "have I seen this algorithm before"
* the hsts database

Comment 8

[Dana Keeler (she/her) (use needinfo) (:keeler for reviews)]

(In reply to Patrick McManus [:mcmanus] from comment #7)
> (In reply to David Keeler (:keeler) [use needinfo?] from comment #5)
> > mcmanus, are there other TLS features that are enabled by default that would
> > allow tracking users? (The aim of this bug is to add an option that would
> > prevent that sort of thing.)
> 
> sure - at various levels of granularity. None as extreme as session tickets.
> Anything that keeps state, right?
> 
> some that come to mind:
> * the version intolerance cache
> * our false start behavior involves "have I seen this algorithm before"
> * the hsts database

Thanks. Those all require multiple hosts, right? (because they're basically one or two bits per host, if I understand correctly). We might need to develop some sort of quota per domain tree, but that should be in a future bug.

Comment 9

[Dana Keeler (she/her) (use needinfo) (:keeler for reviews)]

Comment on attachment 8486065 [details] [diff] [review]
Add a pref to disable trackable SSL session identifiers, v. 2

Review of attachment 8486065 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good.

Comment 10

[Patrick McManus [:mcmanus]]

> 
> Thanks. Those all require multiple hosts, right? (because they're basically
> one or two bits per host, if I understand correctly). We might need to
> develop some sort of quota per domain tree, but that should be in a future
> bug.

They are only a bit or two each.. opinions differ on whether or not that's impt or tractable :)

Comment 11

[Georg Koppen]

(In reply to Patrick McManus [:mcmanus] from comment #10)
> > 
> > Thanks. Those all require multiple hosts, right? (because they're basically
> > one or two bits per host, if I understand correctly). We might need to
> > develop some sort of quota per domain tree, but that should be in a future
> > bug.
> 
> They are only a bit or two each..

Really? What about https://web.archive.org/web/20121031023419/http://www.leviathansecurity.com/blog/archives/12-The-Double-Edged-Sword-of-HSTS-Persistence-and-Privacy.html?

Comment 12

[Carsten Book [:Tomcat]]

Hi, could you provide link (just to make sure everything works), thanks!

Comment 13

[Arthur Edelstein [:arthur]]

Try server: https://tbpl.mozilla.org/?tree=Try&rev=1f2eca9900bd

Comment 14

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/85fdc596e257

Comment 15

[Wes Kocher (:KWierso)]

https://hg.mozilla.org/mozilla-central/rev/85fdc596e257

Comment 16

[Joe Smith]

Which Firefox version is this change going to be in? Target Milestone says "mozilla35", but I don't see the "security.ssl.disable_session_identifiers" parameter on Firefox 37.0.1 on Linux Mint (Ubuntu based). Or is it not present by default and needs to be added manually?

Thanks in advance.

Comment 17

[Arthur Edelstein [:arthur]]

(In reply to Joe Smith from comment #16)
> Which Firefox version is this change going to be in? Target Milestone says
> "mozilla35", but I don't see the "security.ssl.disable_session_identifiers"
> parameter on Firefox 37.0.1 on Linux Mint (Ubuntu based). Or is it not
> present by default and needs to be added manually?
> 
> Thanks in advance.

It's not present by default and you need to add it manually (see comment #4).