commit e22c36fb77f0c780fc532df1e54cebc8676190b3 Author: Nick Mathewson nickm@torproject.org Date: Mon Sep 5 14:10:48 2016 -0400

Remove 3DES as a required suite; add the minimal AES one. --- tor-spec.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tor-spec.txt b/tor-spec.txt index e85634d..ba9782f 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -182,8 +182,8 @@ see tor-design.pdf. Connections between two Tor relays, or between a client and a relay, use TLS/SSLv3 for link authentication and encryption. All implementations MUST support the SSLv3 ciphersuite - "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", and SHOULD support the TLS - ciphersuite "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available. + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available. They SHOULD + support better ciphersuites if available.

There are three ways to perform TLS handshakes with a Tor server. In the first way, "certificates-up-front", both the initiator and