Commit cbab0530 authored by Nick Mathewson's avatar Nick Mathewson 🦀
Browse files

r12023@catbus: nickm | 2007-02-28 23:08:20 -0500 

 Embarassing that the number one hit for TLS_EDH_RSA_WITH_DES_192_CBC3_SHA was somebody trying to figure out what we meant when we said it.  Replace with something real, and clarify that sometimes "TLS" means "SSLv3".


svn:r9699
parent a46bd994

doc/spec/tor-spec.txt

+8 −7
Original line number Diff line number Diff line
@@ -141,13 +141,14 @@ see tor-design.pdf. 


2. Connections



   Tor uses TLS for link authentication and encryption.  All implementations

   MUST support

   the TLS ciphersuite "TLS_EDH_RSA_WITH_DES_192_CBC3_SHA", and SHOULD

   support "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available.

   Implementations MAY support other ciphersuites, but MUST NOT

   support any suite without ephemeral keys, symmetric keys of at

   least KEY_LEN bits, and digests of at least HASH_LEN bits.

   Tor uses TLS/SSLv3 for link authentication and encryption.  All

   implementations MUST support the SSLv3 ciphersuite

   "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", and SHOULD support the TLS

   ciphersuite "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available.

   Implementations MAY support other TLS ciphersuites, but MUST NOT

   support any suite that lacks ephemeral keys, or whose symmetric keys are

   less then KEY_LEN bits, or whose digests are less than HASH_LEN bits.

   Implementations SHOULD NOT allow other SSLv3 ciphersuites.



   Even though the connection protocol is identical, we will think of the

   initiator as either an onion router (OR) if it is willing to relay