[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-relays] relay's count handshake versions, why not TLS handshake types?
In the next-above thread I had mistakenly
conflated relay handshakes and 'openssl'
TLS negotiations, which are it seems
entirely independent. Thanks to Yawning
for correcting that misconception.
TLS encryption protects the relay-to-relay
conversation protocol if I understand
correctly, while cells are further
encrypted with EC curve 25519 for the
actual layered/onion encryption.
Per ticket
https://trac.torproject.org/projects/tor/ticket/15212
relay handshake types are counted and logged
in the heartbeat message with the idea
that the old v1/v2 handshake support
should soon be eliminated soon.
Now I wonder why the TLS handshake types
are not also counted with the idea that
DHE-RSA-AES256-SHA should be eliminated
entirely due the near certainty that
the NSA can decrypt any such sessions
negotiated using the default DH 1024
bit primes, per the LogJam research
https://weakdh.org/
I know that 0.2.7 is eliminating 'openssl'
0.9.8 from the picture, but this does not
prevent
$ openssl s_client -connect addr:port -tls1 -cipher EDH
from successfully establishing a connection
to relay OR ports with the aforementioned
suspect DHE encryption level.
Seems to me forcible prevention of this
level of TLS session should be nearly as
important as moving to the new ed25519
identity keys.
In addition to ECDHE vs DHE, it might
make sense to count how many SSL 3,
TLS 1.0, 1.1 and 1.2 connections are
established to be certain SSL 3 is really
dead and to see how quickly TLS 1.2
is fully supported everywhere.
Perhaps which ECDHE curve is selected
should also be tracked.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays