On Thu, 28 Jan 2016 18:05:51 +0100 Tim Kuijsten info@netsend.nl wrote:
It's also worth noting that newer (0.2.7.x) versions of Tor should not be doing DHE except when talking to old versions of Tor, linked against old versions of OpenSSL as ECDH is both mandatory and preferred in the current stable series.
Is ECDH currently mandatory or did you mean ECDHE?
Yes.
It uses ECDH with Ephemeral keys. Really, unless you vendor's OpenSSL library is doing something Really Silly, or is ancient, this will Do The Right Thing (TM).