[tor-bugs] #21005 [Applications/Tor Messenger]: Enforce Stronger Ciphers in Tor Messenger

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Dec 16 16:06:00 UTC 2016 

#21005: Enforce Stronger Ciphers in Tor Messenger
--------------------------------------------+---------------------------
     Reporter:  cypherpunks                 |      Owner:
         Type:  enhancement                 |     Status:  new
     Priority:  Medium                      |  Milestone:
    Component:  Applications/Tor Messenger  |    Version:
     Severity:  Normal                      |   Keywords:  Tor Messenger
Actual Points:                              |  Parent ID:
       Points:                              |   Reviewer:
      Sponsor:                              |
--------------------------------------------+---------------------------
 In considering to limit the standard ciphers to the ones recommended in
 RFC 7525 from 2015 for torbirdy (ticket:20751), and to minimize the risk
 of downgrade attacks, it might be advisable to find a similar solution for
 tor messenger, too. (Maybe even a similar way of handling exceptions in
 the UX)

 Therefor I suggest the following standard settings (torbirdy,
 ticket:20751)

 1. tls version 1.2 (RFC 5246 from 2008, tls version 1.3 is is going to be
 introduced next year)
 {{{security.tls.version.min = 3}}}

 2. recommended ciphers in accordance to RFC 7525 (from 2015)
 {{{security.ssl3.*      false}}}
 {{{security.ssl3.ecdhe_rsa_aes_128_gcm_sha256   true}}}
 {{{security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256         true}}}

 3. Prevent Insecure Recognition
 {{{security.ssl.require_safe_negotiation        true}}}
 {{{security.ssl.treat_unsafe_negotiation_as_broken      true}}}

 4. Certificate Pinning
 {{{security.cert_pinning.enforcement_level      = 2}}}

 ticket:16494#comment:5 suggests to implement a tbb like slider for Tor
 Messenger and to enforce a stronger set of ciphers just for the higher
 security settings. As explained in https://blog.torproject.org/blog/tor-
 messenger-030b1-released#comment-220689 to follow the recommendations of
 the last RFCs tls version 1.2 has to be used (otherwise the recommended
 ciphers can't be used). Today, most XMPP server support TLS version 1.2
 and are able to use modern ciphers, allowing a downgrade of the ciphers
 just allows downgrade attacks and weakens the overall security. Ie, an
 user should not enforce stronger ciphers by setting a higher security
 level, instead he should get a message in the moment the the server
 doesn't support the (stronger) standard cipher than he can decide what to
 do, ie either to use a different XMPP server (a server that doesn't
 support tls v 1.2 in 2017, is just a bad choice and the server owner might
 just do a bad job and even save password as md5 hash etc) or deliberately
 use the xmpp sever (if the server used to support stronger encryption and
 stops to do so, the user might even know that something is going wrong)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21005>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list