[tbb-bugs] #18274 [Tor Browser]: 3DES_EDE_CBC cipher is vulnerable in the current TBB configuration!
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Feb 7 20:27:45 UTC 2016
#18274: 3DES_EDE_CBC cipher is vulnerable in the current TBB configuration!
--------------------------+------------------------------------------------
Reporter: bugzilla | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor | Version:
Browser | Keywords: tbb-security, TorBrowserTeam201602
Severity: Major | Parent ID:
Actual Points: | Sponsor:
Points: |
--------------------------+------------------------------------------------
From The Design and Implementation of the Tor Browser [DRAFT]:
> we also enable TLS False Start via the Firefox Pref
security.ssl.enable_false_start.
From TLS False Start https://tools.ietf.org/html/draft-bmoeller-tls-
falsestart-00
> generally symmetric ciphers with an effective key length of 128 bits or
more can be considered strong. In TLS 1.2 [RFC5246], this allows all
cipher suites '''except''' those using the NULL or 3DES_EDE_CBC ciphers
Detected by https://www.ssllabs.com/ssltest/viewMyClient.html
> TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
In {{{about:config}}}:
{{{security.ssl3.rsa_des_ede3_sha}}};{{{true}}}
Why is this security hole still present?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18274>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list