Diffstat (limited to 'changes/tls_ecdhe')
-rw-r--r-- changes/tls_ecdhe 26
1 files changed, 0 insertions, 26 deletions
diff --git a/changes/tls_ecdhe b/changes/tls_ecdhe
deleted file mode 100644
index 48c6384dad..0000000000
--- a/changes/tls_ecdhe
+++ /dev/null
@@ -1,26 +0,0 @@
- o Major features:
-
- - Servers can now enable the ECDHE TLS ciphersuites when available
- and appropriate. These ciphersuites let us negotiate forward-
- secure TLS secret keys more safely and more efficiently than with
- our previous use of Diffie Hellman modulo a 1024-bit prime.
- By default, public servers prefer the (faster) P224 group, and
- bridges prefer the (more common) P256 group; you can override this
- with the TLSECGroup option.
-
- Enabling these ciphers was a little tricky, since for a long
- time, clients had been claiming to support them without
- actually doing so, in order to foil fingerprinting. But with
- the client-side implementation of proposal 198 in
- 0.2.3.17-beta, clients can now match the ciphers from recent
- firefox versions *and* list the ciphers they actually mean, so
- servers can believe such clients when they advertise ECDHE
- support in their TLS ClientHello messages.
-
- This feature requires clients running 0.2.3.17-beta or later,
- and requires both sides to be running OpenSSL 1.0.0 or later
- with ECC support. OpenSSL 1.0.1, with the compile-time option
- "enable-ec_nistp_64_gcc_128", is highly recommended.
- Implements the server side of proposal 198; closes ticket
- 7200.
-
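Review bot: nothing in the visible diff shows where the deleted "Major features" entry ends up (the diffstat is limited to changes/tls_ecdhe, with 26 deletions and no insertions), so confirm the text was carried into the release changelog before this file is dropped. These lines are what document the TLSECGroup option, the P224/P256 defaults, and the 0.2.3.17-beta and OpenSSL 1.0.0 requirements. If the text is carried over, tighten two things on the way: the last paragraph states what the feature requires but not what a server negotiates with a client that does not meet those requirements, and "firefox" and "Diffie Hellman" should read "Firefox" and "Diffie-Hellman".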