Diffstat (limited to 'changes/tls_ecdhe')
-rw-r--r--  changes/tls_ecdhe  26
1 files changed, 26 insertions, 0 deletions
diff --git a/changes/tls_ecdhe b/changes/tls_ecdhe
new file mode 100644
index 0000000000..48c6384dad
--- /dev/null
+++ b/changes/tls_ecdhe
@@ -0,0 +1,26 @@
+ o Major features:
+
+ - Servers can now enable the ECDHE TLS ciphersuites when available
+ and appropriate. These ciphersuites let us negotiate forward-
+ secure TLS secret keys more safely and more efficiently than with
+ our previous use of Diffie Hellman modulo a 1024-bit prime.
+ By default, public servers prefer the (faster) P224 group, and
+ bridges prefer the (more common) P256 group; you can override this
+ with the TLSECGroup option.
+
+ Enabling these ciphers was a little tricky, since for a long
+ time, clients had been claiming to support them without
+ actually doing so, in order to foil fingerprinting. But with
+ the client-side implementation of proposal 198 in
+ 0.2.3.17-beta, clients can now match the ciphers from recent
+ firefox versions *and* list the ciphers they actually mean, so
+ servers can believe such clients when they advertise ECDHE
+ support in their TLS ClientHello messages.
+
+ This feature requires clients running 0.2.3.17-beta or later,
+ and requires both sides to be running OpenSSL 1.0.0 or later
+ with ECC support. OpenSSL 1.0.1, with the compile-time option
+ "enable-ec_nistp_64_gcc_128", is highly recommended.
+ Implements the server side of proposal 198; closes ticket
+ 7200.
+
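Review bot: The first paragraph leaves it unclear whether ECDHE is switched on automatically or needs operator action: "Servers can now enable the ECDHE TLS ciphersuites when available and appropriate" reads as opt-in, while "By default, public servers prefer the (faster) P224 group" reads as on-by-default with only the group being configurable. One sentence stating which it is, together with the accepted values for the TLSECGroup option (the text names P224 and P256 but not the option syntax), would save relay and bridge operators a trip to the manual. The last paragraph recommends building OpenSSL with "enable-ec_nistp_64_gcc_128" but does not say what the operator gains from it; a short clause giving the reason (performance, security, or both) would let people judge whether a rebuild is worth it. Two style nits: "Diffie Hellman" should be hyphenated as "Diffie-Hellman", and "firefox" should be capitalised as "Firefox".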