Of course! This is implicit in my posting.
What I am saying is that, like old v1/v2 handshakes, Tor should be moving in the direction of eliminating DHE. The way to approach that is to *count* the number of DHE handshakes and other TLS session attributes. This is currently being done for TOR/NTOR handshakes but not for TLS negotiations.
0.2.7 will not build/run with openssl 0.9.8, so once 0.2.7 is widely deployed DHE can be forcibly disabled.
BUT, as with v1/v2 handshakes, one would not want to do that prematurely so counting them is a good idea.
That suggestion is the principal idea of the thread.
At 20:01 8/2/2015 +0300, you wrote:
I think that is to maintain backward compatibility. Tor tries as hard as possible to maintain backward compatibility with older versions, unless something critical requires deprecation regardless of some relays disappearing from the consensus.
I guess this is the reason we currently prefer ECDHE but do not reject DHE. In the future, when we are certain everyone has upgraded to a new enough OpenSSL, we can safely reject DHE all the time.
tor-relays@lists.torproject.org