GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Open
Opened Jul 30, 2018 by Matthew Finkel (@sysrqb, Developer)

TBA - httpclientandroidlib leaks information about Android version

While reviewing legacy/trac#22170 (moved), I noticed Fennec decides which TLS ciphers it supports[0] based on a lower-bound of the Android SDK version, and it chooses a TLS cipher within that list. This is another example of why we should use Necko (via GeckoView) instead of the Android SDK for networking.

This is used by the Java networking in the Sync code[1].

In the short term, we can always return the else clause:

    } else {
      DEFAULT_CIPHER_SUITES = new String[]
          {
           "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",        // 11+
           "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",      // 11+
           "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",        // 11+

           // For Sync 1.1.
           "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",  // 9+
           "TLS_RSA_WITH_AES_128_CBC_SHA",      // 9+
          };
    }

But that sure is sad. We need ciphers for 16+.

[0] https://gitweb.torproject.org/tor-browser.git/tree/mobile/android/services/src/main/java/org/mozilla/gecko/background/common/GlobalConstants.java?h=tor-browser-60.1.0esr-8.0-1#n47

[1] https://gitweb.torproject.org/tor-browser.git/tree/mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java?h=tor-browser-60.1.0esr-8.0-1#n261
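
The short-term mitigation described in the issue, as an added example that is not part of the original report or of the Tor Browser/Fennec code: one cipher list is applied to every socket without consulting the SDK version, and any suite the platform lacks is reported, because a shortened list would again distinguish devices. The class and method names (`FixedCipherSuites`, `apply`) are hypothetical; the suite names are the ones quoted above, and only standard `javax.net.ssl` calls are used.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper (not from tor-browser.git): offer one cipher list on every device.
public final class FixedCipherSuites {
    // The else-clause list quoted in the issue, in the same order.
    static final String[] FIXED = {
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
    };

    // Enables FIXED on the socket without consulting the SDK version.
    // Returns the suites the platform lacks: a non-empty result means this
    // device's offered list differs from others and is still distinguishable.
    static List<String> apply(SSLSocket socket) {
        Set<String> supported = new HashSet<>(Arrays.asList(socket.getSupportedCipherSuites()));
        List<String> enabled = new ArrayList<>();
        List<String> missing = new ArrayList<>();
        for (String suite : FIXED) {
            (supported.contains(suite) ? enabled : missing).add(suite);
        }
        if (enabled.isEmpty()) {
            throw new IllegalStateException("none of the fixed cipher suites is supported");
        }
        socket.setEnabledCipherSuites(enabled.toArray(new String[0]));
        return missing;
    }

    public static void main(String[] args) throws IOException {
        // Unconnected socket: enough to inspect which suites would be offered.
        try (SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket()) {
            List<String> missing = apply(socket);
            System.out.println("offered: " + Arrays.toString(socket.getEnabledCipherSuites()));
            System.out.println("missing: " + missing);
        }
    }
}
```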

Reference: tpo/applications/tor-browser#26982