on TLS ciphersuites
chris at seberino.org
chris at seberino.org
Wed Jan 3 19:48:03 UTC 2007
I'm curious about need to specify 2 TLS ciphersuites in the spec...
All implementations MUST support
the TLS ciphersuite "TLS_EDH_RSA_WITH_DES_192_CBC3_SHA", and SHOULD
support "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available
Is the problem that we can't assume every TLS implentation is using strong
enough encryption? It is a shame Tor must worry about these low level details
of TLS.
Why can't we just say everyone MUST use "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" and
be done with it?
(This isn't a fault of Tor but I'm bugged TLS allowed weak ciphersuites such
that Tor must demand they NOT be used.)
chris
--
_______________________________________
Christian Seberino, Ph.D.
5707 SANTA FE ST
SAN DIEGO, CA 92109-1622
Phone: (619) 573-4233
Email: chris at seberino.org
_______________________________________
More information about the tor-dev
mailing list