[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #15426 [Core Tor/Tor]: Update ciphers.inc to match ciphers from current Firefox
#15426: Update ciphers.inc to match ciphers from current Firefox
-------------------------------------------------+-------------------------
Reporter: cypherpunks | Owner: nickm
Type: enhancement | Status:
| needs_review
Priority: High | Milestone: Tor:
| 0.3.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: 027-triaged-1-out, nickm- | Actual Points: .2
deferred-20160905, tor-03-unspecified-201612 |
Parent ID: | Points: 2
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by yawning):
I'm uncertain of how useful this actually is, and if we were going to
match a browser's ciphersuites, matching chrome's would probably be
"better" as it totally crushes firefox in terms of market share. That's
probably a topic for a different discussion though.
The client branch looks ok from a "it matches Firefox" point of view,
though if it were up to me, I'd move ChaCha around at runtime depending on
if hardware AES is available or not.
Does OpenSSL do the right thing client side if TLS < 1.2 is negotiated,
and the server picks an AEAD suite (RFC 7251 Sec. 3)?
The server branch likewise looks ok, though my comments regarding ChaCha
prioritization also apply here. Nitpick: Update the `MANDATORY` list to
remove the DES suite (Per: #19998).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15426#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs