[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: on TLS ciphersuites



On Wed, Jan 03, 2007 at 02:48:03PM -0500, chris@xxxxxxxxxxxx wrote:
> I'm curious about need to specify 2 TLS ciphersuites in the spec...
> 
> All implementations MUST support
>    the TLS ciphersuite "TLS_EDH_RSA_WITH_DES_192_CBC3_SHA", and SHOULD
>    support "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available
> 
> Is the problem that we can't assume every TLS implentation is using strong
> enough encryption?

The problem is that when we started writing Tor, not every version of
OpenSSL in the wild supported AES.  I believe AES was first supported
in 0.9.7; it's still pretty common to find people running operating
systems with OpenSSL 0.9.6 or earlier.

>  It is a shame Tor must worry about these low level details
> of TLS.
> 
> Why can't we just say everyone MUST use
> "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" and be done with it?

Because it isn't nice to break compatibility gratuitously just to save
a couple of lines of code.

> (This isn't a fault of Tor but I'm bugged TLS allowed weak ciphersuites such
> that Tor must demand they NOT be used.)

Alas, my time machine is broken; going back in time and arguing with
the SSL developers is not an option. :)

yrs,
-- 
Nick Mathewson

Attachment: pgpSBv5X6BsDb.pgp
Description: PGP signature