tor/changes/tls_ecdhe

  o Major features:

    - Servers can now enable the ECDHE TLS ciphersuites when
      available and appropriate. These ciphersuites, when used with
      the P-256 elliptic curve, let us negotiate forward-secure TLS
      secret keys more safely and more efficiently than with our
      previous use of Diffie Hellman modulo a 1024-bit prime.

      Enabling these ciphers was a little tricky, since for a long
      time, clients had been claiming to support them without
      actually doing so, in order to foil fingerprinting. But with
      the client-side implementation of proposal 198 in
      0.2.3.17-beta, clients can now match the ciphers from recent
      firefox versions *and* list the ciphers they actually mean, so
      servers can believe such clients when they advertise ECDHE
      support in their TLS ClientHello messages.

      This feature requires clients running 0.2.3.17-beta or later,
      and requires both sides to be running OpenSSL 1.0.0 or later
      with ECC support. OpenSSL 1.0.1, with the compile-time option
      "enable-ec_nistp_64_gcc_128", is highly recommended.
      Implements the server side of proposal 198; closes ticket
      7200.
Let servers choose better ciphersuites when clients support them This implements the server-side of proposal 198 by detecting when clients lack the magic list of ciphersuites that indicates that they're lying faking some ciphers they don't really have. When clients lack this list, we can choose any cipher that we'd actually like. The newly allowed ciphersuites are, currently, "All ECDHE-RSA ciphers that openssl supports, except for ECDHE-RSA-RC4". The code to detect the cipher list relies on on (ab)use of SSL_set_session_secret_cb. 2012-11-28 19:31:17 +01:00			`o Major features:`

			`- Servers can now enable the ECDHE TLS ciphersuites when`
			`available and appropriate. These ciphersuites, when used with`
			`the P-256 elliptic curve, let us negotiate forward-secure TLS`
			`secret keys more safely and more efficiently than with our`
			`previous use of Diffie Hellman modulo a 1024-bit prime.`

			`Enabling these ciphers was a little tricky, since for a long`
			`time, clients had been claiming to support them without`
			`actually doing so, in order to foil fingerprinting. But with`
			`the client-side implementation of proposal 198 in`
			`0.2.3.17-beta, clients can now match the ciphers from recent`
			`firefox versions and list the ciphers they actually mean, so`
			`servers can believe such clients when they advertise ECDHE`
			`support in their TLS ClientHello messages.`

			`This feature requires clients running 0.2.3.17-beta or later,`
			`and requires both sides to be running OpenSSL 1.0.0 or later`
			`with ECC support. OpenSSL 1.0.1, with the compile-time option`
			`"enable-ec_nistp_64_gcc_128", is highly recommended.`
			`Implements the server side of proposal 198; closes ticket`
			`7200.`