[tor-bugs] #17374 [Tor Browser]: Disable 1024-DH Encryption by default
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Nov 7 16:09:15 UTC 2015
#17374: Disable 1024-DH Encryption by default
-------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+--------------------------
Comment (by yawning):
TLS negotiates which ciphersuite to use based on what the client claims to
support in a `ClientHello`, with the most preferred first. Any modern (or
halfway modern) web browser including Tor Browser will express a preference
for the ECDHE suites.

The only times DHE suites will be used are if:

* The server does not support ECDHE.
* The server is horrifically misconfigured and prefers DHE over ECDHE.

What is suggested will force correct behavior in the latter case, at the
expense of not being able to connect at all to servers exhibiting the
former behavior. This is a usability vs security tradeoff, and my concern
would be that people fall back to plain http when they can't reach a site
over https (No crypto vs theoretically/speculatively weak crypto).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17374#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
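
The negotiation outcomes described in the comment above, as an added example that is not part of the original ticket or of Tor Browser's code. It is a simplified model of ciphersuite selection; the three server profiles and all function names are constructed for illustration.

```python
# Added illustration: simplified model of TLS 1.2-style ciphersuite selection.
# Suite names are real IANA names; the three server profiles are constructed.
ECDHE = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
DHE = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"

# Client lists are ordered most-preferred first, as in a ClientHello.
CLIENT_DEFAULT = [ECDHE, DHE]   # ECDHE preferred, DHE still offered
CLIENT_NO_DHE = [ECDHE]         # the change proposed in the ticket

# (suites in server preference order, does the server enforce its own order?)
SERVERS = {
    "supports ECDHE, honours client order": ([ECDHE, DHE], False),
    "no ECDHE support": ([DHE], False),
    "misconfigured, prefers DHE": ([DHE, ECDHE], True),
}


def negotiate(client_prefs, server_suites, server_order):
    """Return the suite the server selects, or None for a handshake failure."""
    if server_order:
        ranked, allowed = server_suites, set(client_prefs)
    else:
        ranked, allowed = client_prefs, set(server_suites)
    return next((s for s in ranked if s in allowed), None)


def key_exchange(suite):
    """Map a suite name to its key exchange, or 'handshake failure'."""
    if suite is None:
        return "handshake failure"
    return suite.split("_")[1]  # "ECDHE" or "DHE"


def compare():
    """Outcome per server profile: (default client, client with DHE disabled)."""
    return {
        name: (
            key_exchange(negotiate(CLIENT_DEFAULT, suites, order)),
            key_exchange(negotiate(CLIENT_NO_DHE, suites, order)),
        )
        for name, (suites, order) in SERVERS.items()
    }


if __name__ == "__main__":
    for name, (default, no_dhe) in compare().items():
        print(f"{name:40} default={default:18} no-DHE={no_dhe}")
```

Only the misconfigured server improves when DHE is removed from the client list; the server without ECDHE goes from a DHE connection to no HTTPS connection at all.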