#19998: Stop allowing 3DES in TLS ciphersuites ------------------------------+-------------------------------- Reporter: nickm | Owner: Type: defect | Status: new Priority: Medium | Milestone: Tor: 0.2.9.x-final Component: Core Tor/Tor | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: .2 | Reviewer: Sponsor: | ------------------------------+-------------------------------- Thanks to the SWEET32 attack, 3des is getting lots of attention.
Right now, Tor is willing in principle to negotiate a 3DES TLS connection. But the good news is (I think) that two non-obsolete Tor instances will never actually do so. Here is my reasoning: * Our source code has always preferred AES to 3DES. So the only way to get 3DES would be if one party didn't support AES. * OpenSSL began supporting AES in version 0.9.7. * Tor has required OpenSSL 0.9.7 or later since 7da93b80ca7a6ba , which was in 0.2.0.10-alpha. So this cipher shouldn't get negotiated, unless you're doing something very very weird. I suggest that the best fix is to stop servers from ever choosing it. I suggest that as an additional fix, clients should reject a connection to any server that _does_ choose it. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19998> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs