[tor-bugs] #19998 [Core Tor/Tor]: Stop allowing 3DES in TLS ciphersuites
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 26 20:49:03 UTC 2016
#19998: Stop allowing 3DES in TLS ciphersuites
--------------------------+------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-spec | Actual Points:
Parent ID: | Points: .2
Reviewer: | Sponsor:
--------------------------+------------------------------------
Changes (by yawning):
* keywords: => tor-spec
Comment:
I agree with the suggested fixes.
This will require a tor-spec update as well since 3DES is listed as
mandatory in a few locations (primarily in relation to outdated link
handshakes), and although it is unlikely that someone will implement a tor
that only supports 3DES, the spec should reflect the code.
While we are revisiting the allowed cipher suites, should we proscribe the
RC4 ones? It's even less likely that any of those will be negotiated, and
they're just as flawed as 3DES.... (Probably a separate ticket?)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19998#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list