Re: [tor-relays] relay's count handshake versions, why not TLS handshake types?



At 08:26 8/2/2015 -0700, you wrote:
>It also may not tell you their ordering
>preference (but it might! again,
>you'd have to look at the code.)

That "openssl s_client" test I ran was
against my 0.2.6.10 with openssl 1.0.2
relay.

It's certain that ECDHE is preferred over
DHE, but my thought is that, especially with
0.2.7 dropping openssl 0.9.8 (no ECDHE),
that relays should refuse to accept
DHE connections entirely.

We've seen many downgrade attacks and
who knows for certain if none remain
buried in the openssl?  Seems prudent
to kill off DHE.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays