[tor-dev] TBB: default setting for security.tls.version.max prevents use of TLS 1.2
Georg Koppen
gk at torproject.org
Fri May 9 18:32:39 UTC 2014
Hi,
Maciej Soltysiak:
> Hi,
>
> It's my first post in tor ml, hope it's the right place to write this.
>
> I am using the latest TBB. The default setting for the maximum version
> of TLS (comming from Firefox) is TLS 1.0 (security.tls.version.max =
> 1)
>
> ssllabs.com tests would confirm the result:
>
> TLS 1.2 No
> TLS 1.1 No
> TLS 1.0 Yes
> SSL 3 Yes
> SSL 2 No
>
> That's not very good, considering we're aiming for the top notch
> security here. When I set security.tls.version.max = 3 (meaning try to
> negotate TLS 1.2 first) I got:
>
> TLS 1.2 Yes
> TLS 1.1 Yes
> TLS 1.0 Yes
> SSL 3 Yes
> SSL 2 No
>
> Test it out yourselves.
> Anyway, I would like to propose we make TBB have
> security.tls.vesion.max=3 to make use of TLS 1.2
see: https://bugs.torproject.org/11253
Georg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140509/84301f90/attachment.sig>
More information about the tor-dev
mailing list