[tor-dev] Tor not affected by recent openssl security advisories
Yawning Angel
yawning at schwanenlied.me
Thu Jan 28 17:24:46 UTC 2016
On Thu, 28 Jan 2016 18:05:51 +0100
Tim Kuijsten <info at netsend.nl> wrote:
> > It's also worth noting that newer (0.2.7.x) versions of Tor should
> > not be doing DHE except when talking to old versions of Tor, linked
> > against old versions of OpenSSL as ECDH is both mandatory and
> > preferred in the current stable series.
>
> Is ECDH currently mandatory or did you mean ECDHE?
Yes.
It uses ECDH with Ephemeral keys. Really, unless you vendor's OpenSSL
library is doing something Really Silly, or is ancient, this will Do
The Right Thing (TM).
--
Yawning Angel
[0]: Bow before your new NIST overlords, etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160128/ae890386/attachment.sig>
More information about the tor-dev
mailing list