[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] relay's count handshake versions, why not TLS handshake types?
Of course! This is implicit in my posting.
What I am saying is that, like old v1/v2
handshakes, Tor should be moving in the
direction of eliminating DHE. The
way to approach that is to *count*
the number of DHE handshakes and
other TLS session attributes. This
is currently begin done for TOR/NTOR
handshakes but is not for TLS negotiations.
0.2.7 will not build/run with openssl
0.9.8, so once 0.2.7 is widely deployed
DHE can be forcibly disabled.
BUT, as with v1/v2 handshakes, one
would not want to do that prematurely
so counting them is a good idea.
That suggesting is the principle
idea of the thread.
At 20:01 8/2/2015 +0300, you wrote:
>I think that is to maintain a backward
>compatibility. Tor tries as hard as possible to
>maintain backward compatibility with older
>versions, unless something critical which requires
>deprecation regardless some relays will disappear
>from the consensus.
>
>I guess this is the reason we currently prefer
>ECDHE but do not reject DHE. In the future, when
>we are certain everyone upgraded to new enough
>OpenSSL, we can safely reject DHE all the time.
>
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays