[tor-bugs] #10250 [- Select a component]: Disable RC4 in TBB Firefox
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 29 06:42:21 UTC 2013
#10250: Disable RC4 in TBB Firefox
----------------------------------+---------------------
Reporter: Jesse V. | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: - Select a component | Version:
Keywords: | Actual Points:
Parent ID: | Points:
----------------------------------+---------------------
Attacks against RC4 have recently been reported as plausible, and
Microsoft, among other groups, have recommended avoiding RC4 for
symmetric-key encryption. I would recommend blacklisting cipher suites
that rely upon RC4 so that other stronger algorithms, such as AES, will be
preferred instead, so as to avoid these attacks. For example, I have
disabled 0x9c, 0x35, 0x5, 0x4, 0x2f, and 0xa in Chromium because they do
not provide perfect forward secrecy, and 0xc007, 0xc011, and 0x66 because
they rely on RC4 but do provide perfect forward secrecy.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10250>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list