Merge remote-tracking branch 'public/ticket19998'

This commit is contained in:
Nick Mathewson 2016-09-13 08:54:43 -04:00
commit 4b182dfc23
2 changed files with 9 additions and 8 deletions

6
changes/bug19998 Normal file
View File

@ -0,0 +1,6 @@
o Minor features (security, TLS):
- Servers no longer support clients that do not provide AES
ciphersuites. (3DES is no longer considered an acceptable
cipher.) We believe that no such clients currently exist,
since we have required OpenSSL 0.9.7 or later since 2009.
Closes ticket 19998.

View File

@ -552,8 +552,7 @@ MOCK_IMPL(STATIC X509 *,
* claiming extra unsupported ciphers in order to avoid fingerprinting. */ * claiming extra unsupported ciphers in order to avoid fingerprinting. */
#define SERVER_CIPHER_LIST \ #define SERVER_CIPHER_LIST \
(TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":" \ (TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":" \
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" \ TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
/** List of ciphers that servers should select from when we actually have /** List of ciphers that servers should select from when we actually have
* our choice of what cipher to use. */ * our choice of what cipher to use. */
@ -593,12 +592,8 @@ static const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
/* Required */ /* Required */
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":" TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":"
/* Required */ /* Required */
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
#ifdef TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA ;
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA ":"
#endif
/* Required */
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA;
/* Note: to set up your own private testing network with link crypto /* Note: to set up your own private testing network with link crypto
* disabled, set your Tors' cipher list to * disabled, set your Tors' cipher list to