Tor involuntarily sets TLS session tickets
This is bad for at least two reasons:
-
performance: It increases the size (~160bytes) of the ChangeCipherSpec message during the handshake; it also makes the server encrypt and hmac the ticket
-
security: It has implications regarding the PFS interval (no immediate security concern here as the server certificates are ephemeral; MAX_SSL_KEY_LIFETIME_INTERNAL = 2h atm) and exposes more attack surface than strictly necessary (Tor doesn't use the tickets in any case: that's why it disables the session-cache)
To disable session-tickets altogether (TLS1+ feature), one should use: SSL_CTX_set_options(... , ...|SSL_OP_NO_TICKET)