[tor-bugs] #11528 [Tor]: Consider using SSL_OP_CIPHER_SERVER_PREFERENCE
#11528: Consider using SSL_OP_CIPHER_SERVER_PREFERENCE
----------------------------------------+----------------------------------
 Reporter:  nickm                       | Owner:
 Type:  defect                          | Status:  new
 Priority:  normal                      | Milestone:  Tor: 0.2.5.x-final
 Component:  Tor                        | Version:
 Keywords:  tor-relay tls 024-backport  | Actual Points:
 Parent ID:                             | Points:
----------------------------------------+----------------------------------
With #11513, we gave the servers a reasonable set of ciphers to allow. On
that ticket, cypherpunks notes:
>By default server follows client's preference. It depends on the
>SSL_OP_CIPHER_SERVER_PREFERENCE option. Is it worth preventing any
>possible client's insecure choice or to allow client to choose its own
>destiny? (if something is wrong with one of the ciphers then client's
>software would be updated faster)
>Either way, server's cipher list should be ordered for clarity, just in
>case and for future.
So to be clear, my understanding is that the algorithm is to take the
intersection of the client's list and the server's list, and then pick the
item in the intersection that appeared first on the client's order (by
default) or the item in the intersection that appeared first on the
server's list (if SSL_OP_CIPHER_SERVER_PREFERENCE is set on the server).
Which way shall we do it?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11528>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
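
The selection rule described in the ticket, modelled as an added example that is not part of the original message and is not Tor or OpenSSL code. `choose_cipher` is a hypothetical helper, and the cipher lists are constructed samples rather than Tor's real lists.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if `name` appears in the NULL-terminated list `list`. */
static int in_list(const char *name, const char *const *list)
{
    for (; *list; ++list)
        if (strcmp(*list, name) == 0)
            return 1;
    return 0;
}

/* Model of the rule in the ticket (hypothetical helper, not an OpenSSL
 * API): walk the list whose order wins and return the first entry the
 * other side also offers. Returns NULL when the intersection is empty,
 * which in a real handshake means no shared cipher and a failed
 * connection. */
const char *choose_cipher(const char *const *client,
                          const char *const *server,
                          int server_preference)
{
    const char *const *primary = server_preference ? server : client;
    const char *const *other   = server_preference ? client : server;
    for (; *primary; ++primary)
        if (in_list(*primary, other))
            return *primary;
    return NULL;
}

/* Constructed sample lists: the client ranks a weak cipher first. */
const char *const CLIENT_LIST[] = {
    "DES-CBC3-SHA", "AES128-SHA", "ECDHE-RSA-AES256-GCM-SHA384", NULL };
const char *const SERVER_LIST[] = {
    "ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-SHA",
    "AES128-SHA", "DES-CBC3-SHA", NULL };
const char *const DISJOINT_LIST[] = { "CAMELLIA128-SHA", NULL };

int main(void)
{
    /* Same two lists, different winner depending on whose order is used. */
    printf("client order: %s\n", choose_cipher(CLIENT_LIST, SERVER_LIST, 0));
    printf("server order: %s\n", choose_cipher(CLIENT_LIST, SERVER_LIST, 1));
    return 0;
}
```

With these lists the client-order rule settles on the client's first choice even though both sides support a stronger suite, while the server-order rule picks the entry at the top of the server's list.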