#24978: Tor doesn't work when built with (unreleased) OpenSSL 1.1.1 built with
 Reporter:  nickm                                |          Owner:  nickm
     Type:  defect                               |         Status:
                                                 |  merge_ready
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  029-backport, 031-backport,          |  Actual Points:
  032-backport, openssl, review-group-31         |
Parent ID:                                       |         Points:
 Reviewer:  isis                                 |        Sponsor:
Changes (by isis):

 * status:  needs_review => merge_ready


 IMHO we should merge `bug24978_029_enable`, because opportunistically
 speaking the cleaner, better-designed TLS protocol with the nicer ciphers
 would be preferable to simply disabling it (assuming everything about our
 current link protocol will still function in a TLS 1.3 context).

 One note:

  * `"TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256
 -GCM-SHA384:"` is the default ciphersuite list/ordering for OpenSSL 1.1.1.
 Ours is going to now be `"TLS13-AES-256-GCM-
 SHA256:TLS13-AES-128-CCM-SHA256:[…]"` (plus some other stuff). I don't
 know if or how much we should care about what will probably eventually
 result in a preference reordering. This means older link protocol tors
 will be distinguishable from newer ones, but they'll look different
 anyway, so merge at your call.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24978#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to