[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] relay's count handshake versions, why not TLS handshake types?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] relay's count handshake versions, why not TLS handshake types?
From: starlight.2015q2@xxxxxxxxxxx
Date: Sun, 02 Aug 2015 11:17:58 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 02 Aug 2015 11:18:13 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

In the next-above thread I had mistakenly
conflated relay handshakes and 'openssl'
TLS negotiations, which are it seems
entirely independent.  Thanks to Yawning
for correcting that misconception.

TLS encryption protects the relay-to-relay
conversation protocol if I understand
correctly, while cells are further
encrypted with EC curve 25519 for the
actual layered/onion encryption.

Per ticket

https://trac.torproject.org/projects/tor/ticket/15212

relay handshake types are counted and logged
in the heartbeat message with the idea
that the old v1/v2 handshake support
should soon be eliminated soon.

Now I wonder why the TLS handshake types
are not also counted with the idea that
DHE-RSA-AES256-SHA should be eliminated
entirely due the near certainty that
the NSA can decrypt any such sessions
negotiated using the default DH 1024
bit primes, per the LogJam research

https://weakdh.org/

I know that 0.2.7 is eliminating 'openssl'
0.9.8 from the picture, but this does not
prevent

$ openssl s_client -connect addr:port -tls1 -cipher EDH

from successfully establishing a connection
to relay OR ports with the aforementioned
suspect DHE encryption level.

Seems to me forcible prevention of this
level of TLS session should be nearly as
important as moving to the new ed25519
identity keys.

In addition to ECDHE vs DHE, it might
make sense to count how many SSL 3,
TLS 1.0, 1.1 and 1.2 connections are
established to be certain SSL 3 is really
dead and to see how quickly TLS 1.2
is fully supported everywhere.
Perhaps which ECDHE curve is selected
should also be tracked.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] relay's count handshake versions, why not TLS handshake types?
  - From: Tom Ritter

Prev by Author: Re: [tor-relays] Tor 2.6.10 fails to generate fresh DH Keys
Next by Author: [tor-relays] Blutmagie does not see 0.2.7.2 bandwidth
Previous by thread: Re: [tor-relays] Tor 2.6.10 fails to generate fresh DH Keys
Next by thread: Re: [tor-relays] relay's count handshake versions, why not TLS handshake types?
Index(es):
- Author
- Thread