r12023@catbus: nickm | 2007-02-28 23:08:20 -0500

 Embarassing that the number one hit for TLS_EDH_RSA_WITH_DES_192_CBC3_SHA was somebody trying to figure out what we meant when we said it.  Replace with something real, and clarify that sometimes "TLS" means "SSLv3".

svn:r9699

diff --git a/doc/spec/tor-spec.txt b/doc/spec/tor-spec.txt
index 672ecce41a03ff714d336036457359461b44583e..21983cc1c2242ae70512c8b8f5395257d4ac34ff 100644 (file)
--- a/doc/spec/tor-spec.txt
+++ b/doc/spec/tor-spec.txt
@@ -141,13 +141,14 @@ see tor-design.pdf.
 
 2. Connections
 
-   Tor uses TLS for link authentication and encryption.  All implementations
-   MUST support
-   the TLS ciphersuite "TLS_EDH_RSA_WITH_DES_192_CBC3_SHA", and SHOULD
-   support "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available.
-   Implementations MAY support other ciphersuites, but MUST NOT
-   support any suite without ephemeral keys, symmetric keys of at
-   least KEY_LEN bits, and digests of at least HASH_LEN bits.
+   Tor uses TLS/SSLv3 for link authentication and encryption.  All
+   implementations MUST support the SSLv3 ciphersuite
+   "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", and SHOULD support the TLS
+   ciphersuite "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available.
+   Implementations MAY support other TLS ciphersuites, but MUST NOT
+   support any suite that lacks ephemeral keys, or whose symmetric keys are
+   less then KEY_LEN bits, or whose digests are less than HASH_LEN bits.
+   Implementations SHOULD NOT allow other SSLv3 ciphersuites.
 
    Even though the connection protocol is identical, we will think of the
    initiator as either an onion router (OR) if it is willing to relay