mirror repository of the tor core protocol in case of issues
Go to file
Nick Mathewson bd3db82906 New sort order for server choice of ciphersuites.
Back in 175b2678, we allowed servers to recognize clients who are
telling them the truth about their ciphersuites, and select the best
cipher from on that list. This implemented the server side of proposal
198.

In bugs 11492, 11498, and 11499, cypherpunks found a bunch of mistakes
and omissions and typos in the UNRESTRICTED_SERVER_CIPHER_LIST we had.
In #11513, I found a couple more.

Rather than try to hand-edit this list, I wrote a short python script
to generate our ciphersuite preferences from the openssl headers.

The new rules are:
  * Require forward secrecy.
  * Require RSA (since our servers only configure RSA keys)
  * Require AES or 3DES. (This means, reject RC4, DES, SEED, CAMELLIA,
    and NULL.)
  * No export ciphersuites.

Then:
  * Prefer AES to 3DES.
  * If both suites have the same cipher, prefer ECDHE to DHE.
  * If both suites have the same DHE group type, prefer GCM to CBC.
  * If both suites have the same cipher mode, prefer SHA384 to SHA256
    to SHA1.
  * If both suites have the same digest, prefer AES256 to AES128.
2014-04-14 14:16:49 -04:00
changes New sort order for server choice of ciphersuites. 2014-04-14 14:16:49 -04:00
contrib Remove some lingering tsocks cruft. 2013-02-27 19:39:57 -05:00
doc Fix documentation of torrc search order 2014-04-01 20:56:03 -04:00
m4 Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
src New sort order for server choice of ciphersuites. 2014-04-14 14:16:49 -04:00
.gitignore Add a new automake dropping ("test-driver") to .gitignore 2013-01-16 01:56:35 -05:00
acinclude.m4 Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
autogen.sh Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
ChangeLog rewrite history to improve two changelog entries 2013-10-10 21:17:19 -04:00
configure.ac whoops; mistaek in a496010642. so many comma 2014-02-18 01:15:59 +00:00
Doxyfile.in Fix up all doxygen warnings other than "foo is not documented" 2011-03-16 14:47:27 -04:00
INSTALL Small fixes for the 2702 implementation 2011-04-02 12:15:08 +02:00
LICENSE Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
Makefile.am Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
Makefile.nmake Add clean target and test subdir to makefile.nmake 2013-01-16 22:29:38 -05:00
README we have two faqs for now 2010-02-22 00:41:48 -05:00
ReleaseNotes forward-port the 0.2.3.25 changelog and release notes 2012-11-20 03:46:56 -05:00

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/faq.html
        https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ