
[tor-bugs] #11528 [Tor]: Consider using SSL_OP_CIPHER_SERVER_PREFERENCE



#11528: Consider using SSL_OP_CIPHER_SERVER_PREFERENCE
----------------------------------------+----------------------------------
 Reporter:  nickm                       |          Owner:
     Type:  defect                      |         Status:  new
 Priority:  normal                      |      Milestone:  Tor:
Component:  Tor                         |  0.2.5.x-final
 Keywords:  tor-relay tls 024-backport  |        Version:
Parent ID:                              |  Actual Points:
                                        |         Points:
----------------------------------------+----------------------------------
 With #11513, we gave the servers a reasonable set of ciphers to allow.  On
 that ticket, cypherpunks notes:

 >By default the server follows the client's preference. It depends on the
 SSL_OP_CIPHER_SERVER_PREFERENCE option. Is it worth preventing any
 possible insecure choice by the client, or allowing the client to choose its
 own destiny? (if something is wrong with one of the ciphers then the client's
 software would be updated faster)
 >Either way, the server's cipher list should be ordered for clarity, just in
 case and for the future.

 So to be clear, my understanding is that the algorithm is to take the
 intersection of the client's list and the server's list, and then pick the
 item in the intersection that appeared first on the client's order (by
 default) or the item in the intersection that appeared first on the
 server's list (if SSL_OP_CIPHER_SERVER_PREFERENCE is set on the server).

 Which way shall we do it?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11528>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
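
The selection rule described in the ticket, written out as an added example that is not part of the original message and is not OpenSSL or Tor code. The function names and both cipher lists are constructed for illustration; the lists use OpenSSL-style cipher names, and the client deliberately ranks a weaker suite first.

```c
#include <stdio.h>
#include <string.h>

/* Return the first entry of `primary` that also appears in `secondary`,
 * or NULL when the two lists share no cipher (the handshake would fail). */
static const char *first_common(const char *const *primary, size_t n_primary,
                                const char *const *secondary, size_t n_secondary)
{
    for (size_t i = 0; i < n_primary; i++)
        for (size_t j = 0; j < n_secondary; j++)
            if (strcmp(primary[i], secondary[j]) == 0)
                return primary[i];
    return NULL;
}

/* Hypothetical helper: server_preference != 0 models a server that has
 * SSL_OP_CIPHER_SERVER_PREFERENCE set; 0 models the default behaviour. */
const char *select_cipher(const char *const *client, size_t n_client,
                          const char *const *server, size_t n_server,
                          int server_preference)
{
    /* Same intersection either way; only the list that sets the order changes. */
    return server_preference
        ? first_common(server, n_server, client, n_client)
        : first_common(client, n_client, server, n_server);
}

/* Constructed sample lists, most preferred first. */
const char *const CLIENT_LIST[] = {
    "DES-CBC3-SHA", "AES128-SHA", "ECDHE-RSA-AES256-GCM-SHA384", "RC4-SHA" };
const char *const SERVER_LIST[] = {
    "ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-SHA", "AES128-SHA",
    "DES-CBC3-SHA" };
#define N_ELEMS(a) (sizeof(a) / sizeof((a)[0]))

int main(void)
{
    printf("client order decides: %s\n",
           select_cipher(CLIENT_LIST, N_ELEMS(CLIENT_LIST),
                         SERVER_LIST, N_ELEMS(SERVER_LIST), 0));
    printf("server order decides: %s\n",
           select_cipher(CLIENT_LIST, N_ELEMS(CLIENT_LIST),
                         SERVER_LIST, N_ELEMS(SERVER_LIST), 1));
    return 0;
}
```

With these lists the default mode negotiates the client's first choice even though both sides support a stronger suite, which is the trade-off the ticket asks about.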