Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #11528

Closed (moved)
Open
Opened Apr 15, 2014 by Nick Mathewson@nickm🐙

Consider using ​SSL_OP_CIPHER_SERVER_PREFERENCE

With #11513 (moved), we gave the servers a reasonable set of ciphers to allow. On that ticket, cypherpunks notes:

By default server follows client's preference. It depends ​SSL_OP_CIPHER_SERVER_PREFERENCE option. Is it worth to prevent any possible client's insecure choice or to allow client to chose it's own destiny? (if something wrong with one of cipher then client's software would be updated faster) Either way, server's cipher list should be ordered for clarity, just in case and for future.

So to be clear, my understanding is that the algorithm is to take the intersection of the client's list and the server's list, and then pick the item in the intersection that appeared first on the client's order (by default) or the item in the intersection that appeared first on the server's list (if SSL_OP_CIPHER_SERVER_PREFERENCE is set on the server).

Which way shall we do it?

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
Tor: 0.2.4.x-final
Milestone
Tor: 0.2.4.x-final
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#11528