[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #18274 [Tor Browser]: 3DES_EDE_CBC cipher is vulnerable in the current TBB configuration!



#18274: 3DES_EDE_CBC cipher is vulnerable in the current TBB configuration!
--------------------------+------------------------------------------------
     Reporter:  bugzilla  |      Owner:  tbb-team
         Type:  defect    |     Status:  new
     Priority:  Medium    |  Milestone:
    Component:  Tor       |    Version:
  Browser                 |   Keywords:  tbb-security, TorBrowserTeam201602
     Severity:  Major     |  Parent ID:
Actual Points:            |    Sponsor:
       Points:            |
--------------------------+------------------------------------------------
 From The Design and Implementation of the Tor Browser [DRAFT]:
 > we also enable TLS False Start via the Firefox Pref
 security.ssl.enable_false_start.
 From TLS False Start https://tools.ietf.org/html/draft-bmoeller-tls-
 falsestart-00
 > generally symmetric ciphers with an effective key length of 128 bits or
 more can be considered strong.  In TLS 1.2  [RFC5246], this allows all
 cipher suites '''except''' those using the NULL or 3DES_EDE_CBC ciphers
 Detected by https://www.ssllabs.com/ssltest/viewMyClient.html
 > TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   112
 In {{{about:config}}}:
 {{{security.ssl3.rsa_des_ede3_sha}}};{{{true}}}
 Why is this security hole still present?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18274>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs