From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 17 Apr 2014 14:23:18 +0000 (-0400)
Subject: Elevate server TLS cipher preferences over client
X-Git-Tag: tor-0.2.5.4-alpha~32^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0b319de60f7c80ab5c37c57af182f4f710ceb5b7;p=thirdparty%2Ftor.git

Elevate server TLS cipher preferences over client

The server cipher list is (thanks to #11513) chosen systematically to
put the best choices for Tor first.  The client cipher list is chosen
to resemble a browser.  So let's set SSL_OP_CIPHER_SERVER_PREFERENCE
to have the servers pick according to their own preference order.
---

diff --git a/changes/ticket11528 b/changes/ticket11528
new file mode 100644
index 0000000000..15daad9950
--- /dev/null
+++ b/changes/ticket11528
@@ -0,0 +1,6 @@
+  o Minor features:
+    - Servers now trust themselves to have a better view than clients of
+      which TLS ciphersuites to choose. (Thanks to #11513, the server
+      list is now well-considered, whereas the client list has been
+      chosen mainly for anti-fingerprinting purposes.) Resolves ticket
+      11528.
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 886ee0ddac..8eb524ebfa 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1261,6 +1261,10 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
     goto error;
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
 
+  /* Prefer the server's ordering of ciphers: the client's ordering has
+  * historically been chosen for fingerprinting resistance. */
+  SSL_CTX_set_options(result->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+
   /* Disable TLS1.1 and TLS1.2 if they exist.  We need to do this to
    * workaround a bug present in all OpenSSL 1.0.1 versions (as of 1
    * June 2012), wherein renegotiating while using one of these TLS