diff options
author | Nick Mathewson <nickm@torproject.org> | 2016-09-05 14:10:48 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-09-05 14:10:48 -0400 |
commit | e22c36fb77f0c780fc532df1e54cebc8676190b3 (patch) | |
tree | 05a9ca51413dd2a495fef16696b46b5ba01c98da /tor-spec.txt | |
parent | 4adc21feb4eea16f17aa4ad964554a1a9244ebc7 (diff) | |
download | torspec-e22c36fb77f0c780fc532df1e54cebc8676190b3.tar.gz torspec-e22c36fb77f0c780fc532df1e54cebc8676190b3.zip |
Remove 3DES as a required suite; add the minimal AES one.
Diffstat (limited to 'tor-spec.txt')
-rw-r--r-- | tor-spec.txt | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tor-spec.txt b/tor-spec.txt index e85634d..ba9782f 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -182,8 +182,8 @@ see tor-design.pdf. Connections between two Tor relays, or between a client and a relay, use TLS/SSLv3 for link authentication and encryption. All implementations MUST support the SSLv3 ciphersuite - "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", and SHOULD support the TLS - ciphersuite "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available. + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available. They SHOULD + support better ciphersuites if available. There are three ways to perform TLS handshakes with a Tor server. In the first way, "certificates-up-front", both the initiator and |