]> git.ipfire.org Git - thirdparty/tor.git/commitdiff
projects / thirdparty / tor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49fd124)
Update client cipher list to match current firefox
authorNick Mathewson <nickm@torproject.org>
Tue, 6 May 2025 14:08:43 +0000 (10:08 -0400)
committerNick Mathewson <nickm@torproject.org>
Tue, 6 May 2025 14:51:07 +0000 (10:51 -0400)
(Shelikhoo says that this countermeasure is still likely to be
helpful for some users, and so we might as well keep it.)

changes/ticket41067 patch | blob | blame | history
src/lib/tls/ciphers.inc patch | blob | blame | history

diff --git a/changes/ticket41067 b/changes/ticket41067
index 0baa74b078e0c452ce00e75f6cc55215c759a5fa..d72442b8ced29a04b7d0b9f02e87ea12c410f596 100644 (file)
--- a/changes/ticket41067
+++ b/changes/ticket41067
@@ -1,3 +1,5 @@
   o Minor features (security):
     - Require TLS version 1.2 or later.  (Version 1.3 support will
       be required in the near future.)  Part of ticket 41067.
+    - Update TLS 1.2 client cipher list to match current Firefox.
+      Part of ticket 41067.
diff --git a/src/lib/tls/ciphers.inc b/src/lib/tls/ciphers.inc
index 4361ad3892ea765e60aff2124ff18b8acaa2be3e..882d9c694068c327ed0f476bcc1d333587f42be3 100644 (file)
--- a/src/lib/tls/ciphers.inc
+++ b/src/lib/tls/ciphers.inc
@@ -4,8 +4,6 @@
  *
  * This file was automatically generated by get_mozilla_ciphers.py.
  */
-
-/* Here's the machine-generated list. */
 #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
     CIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
 #else
@@ -56,15 +54,15 @@
 #else
    XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA)
 #endif
-#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
-    CIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
+#ifdef TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256
+    CIPHER(0x009c, TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256)
 #else
-   XCIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
+   XCIPHER(0x009c, TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256)
 #endif
-#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA
-    CIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)
+#ifdef TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384
+    CIPHER(0x009d, TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384)
 #else
-   XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)
+   XCIPHER(0x009d, TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384)
 #endif
 #ifdef TLS1_TXT_RSA_WITH_AES_128_SHA
     CIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA)
@@ -76,8 +74,3 @@
 #else
    XCIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA)
 #endif
-#ifdef SSL3_TXT_RSA_DES_192_CBC3_SHA
-    CIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA)
-#else
-   XCIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA)
-#endif
Mirror of https://git.torproject.org/tor.git