[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #10250 [- Select a component]: Disable RC4 in TBB Firefox

Subject: [tor-bugs] #10250 [- Select a component]: Disable RC4 in TBB Firefox
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 29 Nov 2013 06:42:21 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 29 Nov 2013 01:42:21 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10250: Disable RC4 in TBB Firefox
----------------------------------+---------------------
 Reporter:  Jesse V.              |          Owner:
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:
Component:  - Select a component  |        Version:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
----------------------------------+---------------------
 Attacks against RC4 have recently been reported as plausible, and
 Microsoft, among other groups, have recommended avoiding RC4 for
 symmetric-key encryption. I would recommend blacklisting cipher suites
 that rely upon RC4 so that other stronger algorithms, such as AES, will be
 preferred instead, so as to avoid these attacks.ÂFor example, I have
 disabled 0x9c, 0x35, 0x5, 0x4, 0x2f, and 0xa in Chromium because they do
 not provide perfect forward secrecy, and 0xc007, 0xc011, and 0x66 because
 they rely on RC4 but do provide perfect forward secrecy.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10250>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #10250 [Tor bundles/installation]: Disable RC4 in TBB Firefox
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #9444 [Tor bundles/installation]: Create deterministic TorBrowserBundles with Pluggable Transports
Next by Author: [tor-bugs] #10251 [Tor Sysadmin Team]: move /srv onto its own partition on rude
Previous by thread: Re: [tor-bugs] #9988 [BridgeDB]: Refactor BridgeDB's use of `sha` module to use `hashlib` instead.
Next by thread: Re: [tor-bugs] #10250 [Tor bundles/installation]: Disable RC4 in TBB Firefox
Index(es):
- Author
- Thread