mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Merge remote-tracking branch 'public/ticket19998'
This commit is contained in:
commit
4b182dfc23
6
changes/bug19998
Normal file
6
changes/bug19998
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
o Minor features (security, TLS):
|
||||||
|
- Servers no longer support clients that do not provide AES
|
||||||
|
ciphersuites. (3DES is no longer considered an acceptable
|
||||||
|
cipher.) We believe that no such clients currently exist,
|
||||||
|
since we have required OpenSSL 0.9.7 or later since 2009.
|
||||||
|
Closes ticket 19998.
|
@ -552,8 +552,7 @@ MOCK_IMPL(STATIC X509 *,
|
|||||||
* claiming extra unsupported ciphers in order to avoid fingerprinting. */
|
* claiming extra unsupported ciphers in order to avoid fingerprinting. */
|
||||||
#define SERVER_CIPHER_LIST \
|
#define SERVER_CIPHER_LIST \
|
||||||
(TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":" \
|
(TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":" \
|
||||||
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" \
|
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
|
||||||
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
|
|
||||||
|
|
||||||
/** List of ciphers that servers should select from when we actually have
|
/** List of ciphers that servers should select from when we actually have
|
||||||
* our choice of what cipher to use. */
|
* our choice of what cipher to use. */
|
||||||
@ -593,12 +592,8 @@ static const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
|
|||||||
/* Required */
|
/* Required */
|
||||||
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":"
|
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":"
|
||||||
/* Required */
|
/* Required */
|
||||||
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":"
|
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
|
||||||
#ifdef TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA
|
;
|
||||||
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA ":"
|
|
||||||
#endif
|
|
||||||
/* Required */
|
|
||||||
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA;
|
|
||||||
|
|
||||||
/* Note: to set up your own private testing network with link crypto
|
/* Note: to set up your own private testing network with link crypto
|
||||||
* disabled, set your Tors' cipher list to
|
* disabled, set your Tors' cipher list to
|
||||||
|
Loading…
Reference in New Issue
Block a user