Hello,
I think that is to maintain backward compatibility. Tor tries as hard as possible to maintain backward compatibility with older versions, unless something critical requires deprecation, regardless of whether some relays will disappear from the consensus.
I guess this is the reason we currently prefer ECDHE but do not reject DHE. In the future, when we are certain everyone has upgraded to a new enough OpenSSL, we can safely reject DHE all the time.
On 8/2/2015 6:57 PM, starlight.2015q2@binnacle.cx wrote:
> At 08:26 8/2/2015 -0700, you wrote:
>> It also may not tell you their ordering preference (but it might! again, you'd have to look at the code.)
>
> That "openssl s_client" test I ran was against my 0.2.6.10 with OpenSSL 1.0.2 relay.
>
> It's certain that ECDHE is preferred over DHE, but my thought is that, especially with 0.2.7 dropping OpenSSL 0.9.8 (no ECDHE), relays should refuse to accept DHE connections entirely.
>
> We've seen many downgrade attacks, and who knows for certain whether none remain buried in OpenSSL? Seems prudent to kill off DHE.
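As an added example (not code from this thread or from Tor): a small POSIX shell probe built on the same "openssl s_client" approach starlight describes, which offers a listener only DHE suites and reports which key-exchange family was negotiated. It assumes an OpenSSL CLI that understands the kDHE cipher-string alias and the -tls1_2 option (1.0.2 or later); the embedded transcript is constructed for the offline demo.

```shell
#!/bin/sh
# Reduce an "openssl s_client" transcript to the key-exchange family that
# was negotiated. Prints ECDHE, DHE, RSA, OTHER, or NONE (no session set up,
# which is the result you want when probing a relay that has dropped DHE).
kx_family() {
    # $1 is the full s_client output; take the "Cipher : X" line of the
    # SSL-Session block (s_client prints "Cipher : 0000" on a failed handshake).
    cipher=$(printf '%s\n' "$1" | sed -n 's/^ *Cipher *: *\([^ ]*\).*/\1/p' | head -n 1)
    case "$cipher" in
        ""|"(NONE)"|0000)         echo NONE ;;
        ECDHE-*)                  echo ECDHE ;;
        DHE-*|EDH-*)              echo DHE ;;
        AES*|DES*|RC4*|CAMELLIA*) echo RSA ;;   # static RSA key transport
        *)                        echo OTHER ;;
    esac
}

# Probe HOST:PORT while offering only DHE suites (kDHE). TLS 1.2 is forced
# because a TLS 1.3 negotiation would ignore the -cipher restriction.
# NONE  -> the peer refused a DHE-only ClientHello (desired behaviour)
# DHE   -> the peer still accepts the weaker exchange
probe_dhe() {
    out=$(openssl s_client -connect "$1" -tls1_2 -cipher 'kDHE' </dev/null 2>&1)
    kx_family "$out"
}

# Constructed s_client transcript (not a real capture) for an offline check.
SAMPLE_DHE='New, TLSv1.2, Cipher is DHE-RSA-AES256-SHA
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-SHA'

# Usage: probe_dhe relay.example.net:9001   (hypothetical host, network needed)
echo "sample transcript negotiated: $(kx_family "$SAMPLE_DHE")"
```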