[tor-bugs] #27971 [- Select a component]: Still supports 1024 bit keys
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Oct 7 12:21:28 UTC 2018
#27971: Still supports 1024 bit keys
---------------------+--------------------------------------
Reporter: kroeckx | Owner: (none)
Type: defect | Status: new
Priority: Medium | Component: - Select a component
Version: | Severity: Normal
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------+--------------------------------------
The code still contains a 1024 bit DH key. If you still want to support
DH, can I suggest you switch to a key from rfc7919?
As far as I understand, since 0.2.4, ECDHE is prefered, and DHE shouldn't
be used anymore. The 0.2.4 branch itself doesn't seem to be supported
anymore.
#27344 changed things so that 1024 bit DH keys will always be allowed, and
only seems to be added to support very old hosts that are known to have
several security issues.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27971>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list