git.ipfire.org Git - thirdparty/tor.git/commit
Let servers choose better ciphersuites when clients support them
author Nick Mathewson <nickm@torproject.org>
Wed, 28 Nov 2012 18:31:17 +0000 (13:31 -0500)
committer Nick Mathewson <nickm@torproject.org>
Wed, 26 Dec 2012 01:14:07 +0000 (20:14 -0500)
commit 175b2678d7dd0ff8b00b597169e4a9a0d8e86f12
tree 3d7531b0316a389bee440521e608b7a9ffc72735
parent 63208aa1e53f5ffc3ecbe47402cc2736bbce6af0

This implements the server-side of proposal 198 by detecting when
clients lack the magic list of ciphersuites that indicates that
they're lying, faking some ciphers they don't really have.  When
clients lack this list, we can choose any cipher that we'd actually
like.  The newly allowed ciphersuites are, currently, "All ECDHE-RSA
ciphers that openssl supports, except for ECDHE-RSA-RC4".

The code to detect the cipher list relies on (ab)use of
SSL_set_session_secret_cb.
changes/tls_ecdhe [new file with mode: 0644]
src/common/tortls.c
src/common/tortls.h
src/or/connection_or.c