Re: [tor-bugs] #17374 [Tor Browser]: Disable 1024-DH Encryption by default
#17374: Disable 1024-DH Encryption by default
-------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+--------------------------
Comment (by yawning):
TLS negotiates which ciphersuite to use based on what the client claims to
support in a `ClientHello`, with the most preferred first. Any modern (or
halfway modern) web browser including Tor Browser will express a preference
for the ECDHE suites.

The only times DHE suites will be used are if:

* The server does not support ECDHE.
* The server is horrifically misconfigured and prefers DHE over ECDHE.

What is suggested will force correct behavior in the latter case, at the
expense of not being able to connect at all to servers exhibiting the
former behavior. This is a usability vs security tradeoff, and my concern
would be that people fall back to plain http when they can't reach a site
over https (No crypto vs theoretically/speculatively weak crypto).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17374#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
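
The negotiation outcomes described in the comment above, as an added example (not part of the original message and not Tor Browser or Tor Project code): a toy Python model of ciphersuite selection, run with and without DHE in the client's offer. The server profiles, function names and the two-suite client list are constructed for illustration; this is not a TLS implementation.

```python
# Toy model of TLS ciphersuite selection. Suite names are real IANA names;
# the client offer and the three server profiles are constructed samples.

ECDHE = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
DHE = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"

# Client offer as sent in the ClientHello, most preferred first.
CLIENT_DEFAULT = [ECDHE, DHE]
# The proposed change: the client stops offering any DHE suite.
CLIENT_NO_DHE = [s for s in CLIENT_DEFAULT if "_DHE_" not in s]


def negotiate(client_offer, server_suites, server_enforces_order):
    """Return the selected suite, or None for a handshake failure."""
    if server_enforces_order:
        # Server walks its own preference list and ignores the client's order.
        for suite in server_suites:
            if suite in client_offer:
                return suite
        return None
    # Otherwise the first client-preferred suite the server supports wins.
    for suite in client_offer:
        if suite in server_suites:
            return suite
    return None


# (supported suites in server preference order, server enforces its order)
SERVERS = {
    "modern": ([ECDHE, DHE], False),
    "no_ecdhe": ([DHE], False),            # server does not support ECDHE
    "prefers_dhe": ([DHE, ECDHE], True),   # misconfigured: DHE ranked first
}


def outcomes(client_offer):
    """Map each constructed server profile to the suite it would select."""
    return {name: negotiate(client_offer, suites, enforce)
            for name, (suites, enforce) in SERVERS.items()}


if __name__ == "__main__":
    for label, offer in (("default", CLIENT_DEFAULT),
                         ("DHE disabled", CLIENT_NO_DHE)):
        for server, suite in outcomes(offer).items():
            print(f"{label:13} {server:12} -> {suite or 'handshake failure'}")
```

With DHE removed from the offer, the misconfigured server moves to ECDHE while the server without ECDHE support can no longer complete a handshake at all, which is the tradeoff the comment describes.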