path: root/changes/tls_ecdhe
blob: 48c6384dad45df5e2e712dd81a1a0c3f9815a99c (plain)
  o Major features:

    - Servers can now enable the ECDHE TLS ciphersuites when available
      and appropriate. These ciphersuites let us negotiate forward-
      secure TLS secret keys more safely and more efficiently than with
      our previous use of Diffie-Hellman modulo a 1024-bit prime.
      By default, public servers prefer the (faster) P224 group, and
      bridges prefer the (more common) P256 group; you can override this
      with the TLSECGroup option.

      Enabling these ciphers was a little tricky, since for a long
      time, clients had been claiming to support them without
      actually doing so, in order to foil fingerprinting. But with
      the client-side implementation of proposal 198 in
      0.2.3.17-beta, clients can now match the ciphers from recent
      Firefox versions *and* list the ciphers they actually mean, so
      servers can believe such clients when they advertise ECDHE
      support in their TLS ClientHello messages.

      This feature requires clients running 0.2.3.17-beta or later,
      and requires both sides to be running OpenSSL 1.0.0 or later
      with ECC support. OpenSSL 1.0.1, with the compile-time option
      "enable-ec_nistp_64_gcc_128", is highly recommended.
      Implements the server side of proposal 198; closes ticket
      7200.
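
The server-side decision described above, as an added example that is not code from the Tor tree: a small ClientHello parser that checks whether a client genuinely advertises ECDHE ciphersuites together with a named-curve list, and then picks the group the server prefers (P224 first for a public relay, P256 first for a bridge, mirroring what TLSECGroup controls). The cipher-suite and curve identifiers are the registered TLS values from RFC 4492 and the IANA registry; the ClientHello bytes are constructed here as test input, not captured traffic, and `build_client_hello`, `parse_client_hello` and `choose_ec_group` are names chosen for this example.

```python
import struct

# Registered TLS cipher-suite IDs for some ECDHE suites (IANA TLS Cipher Suite registry).
ECDHE_SUITES = {
    0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
# Named-curve IDs from the supported_groups (originally elliptic_curves) extension, RFC 4492.
NAMED_CURVES = {21: "secp224r1 (P224)", 23: "secp256r1 (P256)", 24: "secp384r1 (P384)"}
EXT_SUPPORTED_GROUPS = 0x000A


def build_client_hello(cipher_suites, curves=None, version=(3, 1)):
    """Build a ClientHello handshake message (constructed test input, not a real capture).
    curves=None omits the supported_groups extension entirely."""
    body = bytes(version) + b"\x00" * 32 + b"\x00"   # client_version, random, empty session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                              # one compression method: null
    if curves is not None:
        curve_list = b"".join(struct.pack("!H", c) for c in curves)
        ext_data = struct.pack("!H", len(curve_list)) + curve_list
        ext = struct.pack("!HH", EXT_SUPPORTED_GROUPS, len(ext_data)) + ext_data
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = client_hello


def parse_client_hello(msg):
    """Return the offered cipher suites and named curves from a ClientHello handshake message.
    named_curves is None when the client sent no supported_groups extension at all."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                     # skip client_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                               # skip session_id
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2:
        raise ValueError("odd cipher_suites length")
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]
    pos += 1 + comp_len                              # skip compression_methods
    curves = None
    if pos < len(body):                              # extensions block is optional
        (ext_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, ext_size = struct.unpack_from("!HH", body, pos)
            pos += 4
            data = body[pos:pos + ext_size]
            pos += ext_size
            if ext_type == EXT_SUPPORTED_GROUPS and len(data) >= 2:
                (n,) = struct.unpack_from("!H", data, 0)
                curves = [struct.unpack_from("!H", data, 2 + i)[0] for i in range(0, n, 2)]
    return {"cipher_suites": suites, "named_curves": curves}


def choose_ec_group(hello, preferred):
    """Server-side decision: return the ECDHE group to use, or None if ECDHE cannot be used.
    `preferred` is the server's own group order, e.g. [21, 23] for a public relay (P224 first)
    or [23, 21] for a bridge (P256 first). Only clients that list at least one ECDHE suite are
    believed to support ECDHE; a client that lists ECDHE suites but sends no curve list may be
    offered any curve, per RFC 4492, so the server's first preference is used."""
    info = parse_client_hello(hello)
    if not any(s in ECDHE_SUITES for s in info["cipher_suites"]):
        return None
    if info["named_curves"] is None:
        return preferred[0]
    for group in preferred:
        if group in info["named_curves"]:
            return group
    return None


if __name__ == "__main__":
    hello = build_client_hello([0xC013, 0x002F], curves=[23, 21])
    print("relay picks", NAMED_CURVES[choose_ec_group(hello, [21, 23])])
    print("bridge picks", NAMED_CURVES[choose_ec_group(hello, [23, 21])])
```

The parser deliberately distinguishes "no supported_groups extension" from "extension present but no usable curve": the first is the RFC 4492 case where the server may pick freely, the second means the client listed ECDHE suites it cannot complete with any group the server offers, so ECDHE is refused rather than attempted.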