
Re: [tor-bugs] #11513 [Tor]: Make UNRESTRICTED_SERVER_CIPHER_LIST non-stupid



#11513: Make UNRESTRICTED_SERVER_CIPHER_LIST non-stupid
------------------------+-----------------------------------------
     Reporter:  nickm   |      Owner:
         Type:  defect  |     Status:  needs_review
     Priority:  normal  |  Milestone:  Tor: 0.2.4.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-client 024-backport tls
Actual Points:          |  Parent ID:
       Points:          |
------------------------+-----------------------------------------

Comment (by cypherpunks):

 By default, the server follows the client's preference. It depends on the
 [https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#item_SSL_OP_CIPHER_SERVER_PREFERENCE
 SSL_OP_CIPHER_SERVER_PREFERENCE] option.
 Is it worth preventing any possible insecure choice by the client, or
 allowing the client to choose its own destiny? (If something is wrong with
 one of the ciphers, then the client's software would be updated faster.)

 Either way, the server's cipher list should be ordered for clarity, just in
 case and for the future.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11513#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
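
Added example, not part of the original message and not Tor or OpenSSL code: a small C model of the selection rule the comment refers to, showing why the order of the server's list only matters once SSL_OP_CIPHER_SERVER_PREFERENCE is set. The function names and both cipher lists are constructed for illustration and are not Tor's actual lists.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the selection rule: walk the list of whichever side has
 * priority and return the first cipher the other side also offers.
 * server_pref models SSL_OP_CIPHER_SERVER_PREFERENCE being set. */
static const char *choose_cipher(const char *const *client, size_t nc,
                                 const char *const *server, size_t ns,
                                 int server_pref)
{
    const char *const *prio = server_pref ? server : client;
    const char *const *other = server_pref ? client : server;
    size_t np = server_pref ? ns : nc;
    size_t no = server_pref ? nc : ns;

    for (size_t i = 0; i < np; i++)
        for (size_t j = 0; j < no; j++)
            if (strcmp(prio[i], other[j]) == 0)
                return prio[i];
    return NULL; /* no shared cipher: the handshake would fail */
}

/* Constructed sample lists (assumption), strongest first on the client. */
static const char *const client_list[] = {
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA",
};
/* A server list that was never sorted by strength. */
static const char *const unordered_server[] = {
    "DES-CBC3-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
};

#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Run the model against the sample lists in either mode. */
static const char *pick(int server_pref)
{
    return choose_cipher(client_list, LEN(client_list),
                         unordered_server, LEN(unordered_server), server_pref);
}

int main(void)
{
    printf("client preference: %s\n", pick(0));
    printf("server preference: %s\n", pick(1));
    return 0;
}
```

With the client's order in force the unsorted server list is harmless; with server preference enabled the same list selects its first entry, which is why an ordered list is needed before the option can be turned on safely.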