[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #11528 [Tor]: Consider using âSSL_OP_CIPHER_SERVER_PREFERENCE



#11528: Consider using âSSL_OP_CIPHER_SERVER_PREFERENCE
------------------------+----------------------------------------
     Reporter:  nickm   |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-relay tls 024-backport
Actual Points:          |  Parent ID:
       Points:          |
------------------------+----------------------------------------

Comment (by nickm):

 Here are the ciphers that appear on the current client and server lists,
 sorted by client preference order:
 {{{
    XCIPHER(0xc02f, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
    XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA)
    XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA)
    XCIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA)
    XCIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
    XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)
    XCIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
 }}}
 Here are the ciphers that appear on the old client and current server
 lists, sorted by client preference order:
 {{{
    XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA)
    XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)
    XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA)
    XCIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
    XCIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA)
    XCIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
 }}}

 (I'm only considering the new server list from #11513, since we wouldn't
 merge a patch for this to any series without also merging #11513 .)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11528#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs