[tor-bugs] #32351 [Internal Services/Tor Sysadmin Team]: review our ssl ciphers suite
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 31 18:16:55 UTC 2019
#32351: review our ssl ciphers suite
-----------------------------------------------------+-----------------
Reporter: anarcat | Owner: tpa
Type: task | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------------------------------+-----------------
We currently use magic incantation from the Mozilla SSL observatory in our
Apache (and now nginx, see #32239) installations. We should review it and
see if it's still relevant. It seems we're using the suites as per the
Mozilla observatory, but since we're upgrading to buster, it might be
worth upgrading our suite a little.
The documentation in the file mentions those URLs:
https://mozilla.github.io/server-side-tls/ssl-config-
generator/?server=apache-2.4.25&openssl=1.0.2l&hsts=yes&profile=intermediate
https://mozilla.github.io/server-side-tls/ssl-config-
generator/?server=apache-2.4.25&openssl=1.1.0&hsts=no&profile=intermediate
But that's *two* lists... maybe what we have is the merged one?
In any case, this probably needs a kick. The list was created in 2014 and
last touched in 2018, according to the comments in the apache config.
Unless we have per openssl-version configs, this will have to wait until
#29399 is done at least.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32351>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list