From c2d1356739992e1df16e2f0fce6cedb5d4396323 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 5 Sep 2016 14:09:14 -0400 Subject: Change servers to never pick 3DES. Closes ticket 19998. --- src/common/tortls.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'src/common') diff --git a/src/common/tortls.c b/src/common/tortls.c index 23889be259..cf3c8ab548 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -552,8 +552,7 @@ MOCK_IMPL(STATIC X509 *, * claiming extra unsupported ciphers in order to avoid fingerprinting. */ #define SERVER_CIPHER_LIST \ (TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":" \ - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" \ - SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA) /** List of ciphers that servers should select from when we actually have * our choice of what cipher to use. */ @@ -593,12 +592,8 @@ static const char UNRESTRICTED_SERVER_CIPHER_LIST[] = /* Required */ TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":" /* Required */ - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" -#ifdef TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA - TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA ":" -#endif - /* Required */ - SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA; + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA + ; /* Note: to set up your own private testing network with link crypto * disabled, set your Tors' cipher list to -- cgit v1.2.3-54-g00ecf