[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #18129 [Tor Messenger]: Investigate chosen ciphersuite
#18129: Investigate chosen ciphersuite
---------------------------+---------------------
Reporter: arlolra | Owner:
Type: defect | Status: new
Priority: High | Milestone:
Component: Tor Messenger | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
---------------------------+---------------------
Comment (by yawning):
Replying to [comment:6 arlolra]:
> It's been suggested that the server doesn't do server side ordering, so
whatever the client presents first gets picked, meaning Instantbird is
ordered to use AES128-SHA-128 first :(
Nope. because...
> Next step is to record the client hello in wireshark to see what it's
presenting, to be sure. And then figure out why ...
{{{
Cipher Suites Length: 22
Cipher Suites (11 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) <---
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
}}}
As far as I can tell, they don't support any of the ECDHE suites. The
right thing to do would be for them to catch up to current best practice
and enable said suites. The "we already have worse enabled" fix on the
Tor Messenger side is to enable `TLS_RSA_WITH_AES_128_GCM_SHA256` and
`TLS_RSA_WITH_AES_256_GCM_SHA384` after the `TLS_DHE_` suits, but before
the rest of the other `TLS_RSA_` suites.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18129#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs