[tor-bugs] #11513 [Tor]: Make UNRESTRICTED_SERVER_CIPHER_LIST non-stupid
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 15 20:20:14 UTC 2014
#11513: Make UNRESTRICTED_SERVER_CIPHER_LIST non-stupid
------------------------+-----------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-client 024-backport tls
Actual Points: | Parent ID:
Points: |
------------------------+-----------------------------------------
Comment (by cypherpunks):
By default the server follows the client's preference. It depends on the
[https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#item_SSL_OP_CIPHER_SERVER_PREFERENCE
SSL_OP_CIPHER_SERVER_PREFERENCE] option.
Is it worth preventing any possible insecure choice by the client, or allowing
the client to choose its own destiny? (If something is wrong with one of the
ciphers, then the client's software would be updated faster.)
Either way, the server's cipher list should be ordered for clarity, just in
case and for the future.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11513#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
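
The effect of SSL_OP_CIPHER_SERVER_PREFERENCE discussed in the comment above, as an added example that is not part of the original message and is not Tor or OpenSSL code. It is a simplified model of suite selection that ignores certificate-type and protocol-version constraints; the function names and the cipher lists are constructed for illustration and are not Tor's actual lists.

```python
# Added illustration: simplified model of TLS cipher-suite selection.
# Function names are hypothetical; this is not Tor or OpenSSL code.

def choose_cipher(client_list, server_list, server_preference):
    """Return the suite that would be picked, or None if nothing overlaps."""
    # With server preference the server's order decides; otherwise the client's.
    if server_preference:
        prio, allow = server_list, client_list
    else:
        prio, allow = client_list, server_list
    allowed = set(allow)
    for suite in prio:
        if suite in allowed:
            return suite
    return None

def preference_report(clients, server_list):
    """Compare the outcome under both settings for each client offer."""
    rank = {suite: i for i, suite in enumerate(server_list)}
    report = {}
    for name, offered in clients.items():
        by_client = choose_cipher(offered, server_list, False)
        by_server = choose_cipher(offered, server_list, True)
        report[name] = {
            "client_pref": by_client,
            "server_pref": by_server,
            # True when the client's order selects a suite that the server
            # itself ranks lower than the one it would have chosen.
            "below_server_choice": by_client is not None
            and rank[by_client] > rank[by_server],
        }
    return report

# Constructed server list, ordered strongest first (not Tor's real list).
SERVER = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
          "DHE-RSA-AES128-SHA", "DES-CBC3-SHA"]

# Constructed client offers.
CLIENTS = {
    "same_order": ["ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-SHA"],
    "weak_first": ["DES-CBC3-SHA", "ECDHE-RSA-AES128-GCM-SHA256"],
    "no_overlap": ["RC4-SHA"],
}

if __name__ == "__main__":
    for name, row in preference_report(CLIENTS, SERVER).items():
        print(name, row)
```

The "weak_first" row shows why an ordered server list matters even when the option is off: the order only takes effect once the server enforces it, but it documents what the server would pick.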