diff options
Diffstat (limited to 'spec/tor-spec/connections.md')
-rw-r--r-- | spec/tor-spec/connections.md | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/spec/tor-spec/connections.md b/spec/tor-spec/connections.md index d540489..a7ba661 100644 --- a/spec/tor-spec/connections.md +++ b/spec/tor-spec/connections.md @@ -1,4 +1,5 @@ <a id="tor-spec.txt-2"></a> + # Connections Connections between two Tor relays, or between a client and a relay, @@ -158,6 +159,7 @@ their IP address changes. Clients MAY send certificates using any of the above handshake variants. <a id="tor-spec.txt-2.1"></a> + ## Picking TLS ciphersuites Clients SHOULD send a ciphersuite list chosen to emulate some popular @@ -217,6 +219,7 @@ less than HASH_LEN bits. Responders SHOULD NOT select any SSLv3 ciphersuite other than the DHE+3DES suites listed above. <a id="tor-spec.txt-2.2"></a> + ## TLS security considerations Implementations MUST NOT allow TLS session resumption -- it can @@ -226,4 +229,3 @@ Feb 2013), and it plays havoc with forward secrecy guarantees. Implementations SHOULD NOT allow TLS compression -- although we don't know a way to apply a CRIME-style attack to current Tor directly, it's a waste of resources. - |