[tor-bugs] #15426 [Core Tor/Tor]: Update ciphers.inc to match ciphers from current Firefox

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 27 20:09:52 UTC 2017


#15426: Update ciphers.inc to match ciphers from current Firefox
-------------------------------------------------+-------------------------
 Reporter:  cypherpunks                          |          Owner:  nickm
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  0.3.0.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  027-triaged-1-out, nickm-            |  Actual Points:  .2
  deferred-20160905, tor-03-unspecified-201612   |
Parent ID:                                       |         Points:  2
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by yawning):

 I'm uncertain of how useful this actually is, and if we were going to
 match a browser's ciphersuites, matching chrome's would probably be
 "better" as it totally crushes firefox in terms of market share.  That's
 probably a topic for a different discussion though.

 The client branch looks ok from a "it matches Firefox" point of view,
 though if it were up to me, I'd move ChaCha around at runtime depending on
 if hardware AES is available or not.

 Does OpenSSL do the right thing client side if TLS < 1.2 is negotiated,
 and the server picks an AEAD suite (RFC 7251 Sec. 3)?

 The server branch likewise looks ok, though my comments regarding ChaCha
 prioritization also apply here.  Nitpick: Update the `MANDATORY` list to
 remove the DES suite (Per: #19998).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15426#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list