[tor-bugs] #11513 [Tor]: Make UNRESTRICTED_SERVER_CIPHER_LIST non-stupid

Mon Apr 14 16:08:52 UTC 2014

#11513: Make UNRESTRICTED_SERVER_CIPHER_LIST non-stupid
------------------------+-----------------------------------------
     Reporter:  nickm   |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-client 024-backport tls
Actual Points:          |  Parent ID:
       Points:          |
------------------------+-----------------------------------------

Comment (by nickm):

 Here's the FULL list of adequate ciphers provided by openssl 1.0.1:
 {{{
 [659]$ grep '\(TLS1\|SSL3\)_TXT'
 /usr/local/opt/openssl/include/openssl/*.h | grep RSA | grep -v CAMEL
 |grep -v RC4 |  grep 'DHE\|EDH' |grep -v SEED |grep -v NULL | grep -v EXP
 |grep -v DES_64 | sed -e 's/^.*://'
 #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
 #define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA               "DHE-RSA-
 AES128-SHA"
 #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-
 AES256-SHA"
 #define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-
 CBC3-SHA"
 #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-
 AES128-SHA"
 #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-
 AES256-SHA"
 #define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256            "DHE-RSA-
 AES128-SHA256"
 #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256            "DHE-RSA-
 AES256-SHA256"
 #define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256        "DHE-RSA-AES128
 -GCM-SHA256"
 #define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384        "DHE-RSA-AES256
 -GCM-SHA384"
 #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-
 AES128-SHA256"
 #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-
 AES256-SHA384"
 #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128
 -GCM-SHA256"
 #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256
 -GCM-SHA384"
 }}}

 As implicit in that command line, I'm excluding the SSL2 protocol and all
 export ciphersuites; I'm excluding the CAMELLIA, SEED, RC4, single-DES,
 and NULL ciphers; and I'm requiring ephemeral keys for forward secrecy.
 (I tried this with openssl master and openssl 1.0.2, and got the same
 lists.)

 So our degrees of freedom are: AES vs 3DES, ECDHE vs DHE, GCM vs CBC, and
 SHA256 vs SHA384 vs SHA1.  We also need to order those by priority.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11513#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online