[tor-bugs] #11528 [Tor]: Consider using ​SSL_OP_CIPHER_SERVER_PREFERENCE

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 15 20:59:09 UTC 2014


#11528: Consider using ​SSL_OP_CIPHER_SERVER_PREFERENCE
------------------------+----------------------------------------
     Reporter:  nickm   |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-relay tls 024-backport
Actual Points:          |  Parent ID:
       Points:          |
------------------------+----------------------------------------

Comment (by nickm):

 Here are the ciphers that appear on the current client and server lists,
 sorted by client preference order:
 {{{
    XCIPHER(0xc02f, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
    XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA)
    XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA)
    XCIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA)
    XCIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
    XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)
    XCIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
 }}}
 Here are the ciphers that appear on the old client and current server
 lists, sorted by client preference order:
 {{{
    XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA)
    XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)
    XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA)
    XCIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
    XCIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA)
    XCIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
 }}}

 (I'm only considering the new server list from #11513, since we wouldn't
 merge a patch for this to any series without also merging #11513 .)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11528#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list