on TLS ciphersuites

chris at seberino.org
Wed Jan 3 19:48:03 UTC 2007

I'm curious about the need to specify 2 TLS ciphersuites in the spec...

All implementations MUST support
   the TLS ciphersuite "TLS_EDH_RSA_WITH_DES_192_CBC3_SHA", and SHOULD
   support "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available

Is the problem that we can't assume every TLS implementation is using strong
enough encryption?  It is a shame Tor must worry about these low-level details
of TLS.

Why can't we just say everyone MUST use "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" and
be done with it?

(This isn't a fault of Tor but I'm bugged TLS allowed weak ciphersuites such
that Tor must demand they NOT be used.)



Christian Seberino, Ph.D.
SAN DIEGO, CA 92109-1622

Phone: (619) 573-4233
Email: chris at seberino.org

