on TLS ciphersuites

Nick Mathewson nickm at freehaven.net
Wed Jan 3 19:58:10 UTC 2007

On Wed, Jan 03, 2007 at 02:48:03PM -0500, chris at seberino.org wrote:
> I'm curious about need to specify 2 TLS ciphersuites in the spec...
> All implementations MUST support
>    the TLS ciphersuite "TLS_EDH_RSA_WITH_DES_192_CBC3_SHA", and SHOULD
>    support "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available
> Is the problem that we can't assume every TLS implentation is using strong
> enough encryption?

The problem is that when we started writing Tor, not every version of
OpenSSL in the wild supported AES.  I believe AES was first supported
in 0.9.7; it's still pretty common to find people running operating
systems with OpenSSL 0.9.6 or earlier.

>  It is a shame Tor must worry about these low level details
> of TLS.
> Why can't we just say everyone MUST use
> "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" and be done with it?

Because it isn't nice to break compatibility gratuitously just to save
a couple of lines of code.

> (This isn't a fault of Tor but I'm bugged TLS allowed weak ciphersuites such
> that Tor must demand they NOT be used.)

Alas, my time machine is broken; going back in time and arguing with
the SSL developers is not an option. :)

Nick Mathewson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 652 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20070103/d8b08176/attachment.pgp>

More information about the tor-dev mailing list