[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Tor not affected by recent openssl security advisories



On Thu, 28 Jan 2016 18:05:51 +0100
Tim Kuijsten <info@xxxxxxxxxx> wrote:
> > It's also worth noting that newer (0.2.7.x) versions of Tor should
> > not be doing DHE except when talking to old versions of Tor, linked
> > against old versions of OpenSSL as ECDH is both mandatory and
> > preferred in the current stable series.  
> 
> Is ECDH currently mandatory or did you mean ECDHE?

Yes.

It uses ECDH with Ephemeral keys.  Really, unless you vendor's OpenSSL
library is doing something Really Silly, or is ancient, this will Do
The Right Thing (TM).

-- 
Yawning Angel

[0]: Bow before your new NIST overlords, etc.

Attachment: pgphu_96xAHey.pgp
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev