Re: [tor-relays] relay's count handshake versions, why not TLS handshake types?

At 08:26 8/2/2015 -0700, you wrote:

It also may not tell you their ordering preference (but it might! again, you'd have to look at the code.)

That "openssl s_client" test I ran was against my 0.2.6.10 with openssl 1.0.2 relay.

It's certain that ECDHE is preferred over DHE, but my thought is that, especially with 0.2.7 dropping openssl 0.9.8 (no ECDHE), that relays should refuse to accept DHE connections entirely.

We've seen many downgrade attacks and who knows for certain if none remain buried in the openssl? Seems prudent to kill-off DHE.