[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] TBB: default setting for security.tls.version.max prevents use of TLS 1.2



Hi,

Maciej Soltysiak:
> Hi,
> 
> It's my first post in tor ml, hope it's the right place to write this.
> 
> I am using the latest TBB. The default setting for the maximum version
> of TLS (comming from Firefox) is TLS 1.0 (security.tls.version.max =
> 1)
> 
> ssllabs.com tests would confirm the result:
> 
> TLS 1.2 No
> TLS 1.1 No
> TLS 1.0 Yes
> SSL 3 Yes
> SSL 2 No
> 
> That's not very good, considering we're aiming for the top notch
> security here. When I set security.tls.version.max = 3 (meaning try to
> negotate TLS 1.2 first) I got:
> 
> TLS 1.2 Yes
> TLS 1.1 Yes
> TLS 1.0 Yes
> SSL 3 Yes
> SSL 2 No
> 
> Test it out yourselves.
> Anyway, I would like to propose we make TBB have
> security.tls.vesion.max=3 to make use of TLS 1.2

see: https://bugs.torproject.org/11253

Georg


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev