torproject.org using insecure ciphers/protocols (SSLv3, 3DES and RC4)
I just tried to update Tor Browser in Whonix on Qubes OS and got this error: "curl_status_message: [35] - [SSL connect error. The SSL handshaking failed.]".

I looked at it a bit closer and it looks like https://www.torproject.org is currently using insecure ciphers.

```
openssl s_client -connect www.torproject.org:443
…
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : RC4-MD5
    Session-ID: DD04CBDA08AEFB17B0DCF3696B4D09DE761F150E4886E33AB5334B4F1EBD7575
    Session-ID-ctx:
    Master-Key: 99B55DE1DB5319DC11D12C19C4DD1B3A1534331E4FB4E7C14A3C93628E068D970A0F493ED0EB878FA4E183F8F6656A4E
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1519601291
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
```

Firefox Nightly tells me the cipher in use is:

```
TLS_RSA_WITH_3DES_EDE_CBC_SHA
```

And https://www.ssllabs.com/ssltest/analyze.html?d=www.torproject.org tells me:

protocols:

```
Protocols
TLS 1.3          No
TLS 1.2          No
TLS 1.1          No
TLS 1.0          Yes
SSL 3 INSECURE   Yes
```

ciphers:

```
TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE 128
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
```

**Trac**:
**Username**: pege
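An added example, not part of the original report: a small checker that reads the `SSL-Session` block of `openssl s_client` output and grades the negotiated protocol and cipher, accepting both the OpenSSL names (`RC4-MD5`) and the IANA names listed by the scan above. The policy sets, function names and finding labels are assumptions of this example, and the sample input is constructed from the fields shown in the report.

```python
import re

# Constructed sample: the Protocol/Cipher lines as they appear in the report.
SAMPLE = """SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
"""

# Policy assumed by this example: TLS 1.2+ only, no RC4/3DES/MD5/NULL/EXPORT,
# and an ephemeral (EC)DHE key exchange for forward secrecy.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_TOKENS = {
    "RC4": "RC4",
    "3DES": "3DES", "CBC3": "3DES",  # OpenSSL spells 3DES as DES-CBC3
    "MD5": "MD5",
    "NULL": "NULL", "EXP": "EXPORT", "EXPORT": "EXPORT",
}
FS_TOKENS = {"ECDHE", "DHE", "EDH"}


def cipher_findings(name):
    """Return weakness labels for an OpenSSL- or IANA-style suite name."""
    tokens = re.split(r"[-_]", name.upper())
    found = []
    for tok in tokens:
        label = WEAK_TOKENS.get(tok)
        if label and label not in found:
            found.append(label)
    # TLS 1.3 suites (TLS_AES_128_GCM_SHA256) name no key exchange
    # but always use (EC)DHE, so they are not flagged.
    tls13 = name.upper().startswith("TLS_") and "WITH" not in tokens
    if not tls13 and not FS_TOKENS.intersection(tokens):
        found.append("no-forward-secrecy")
    return found


def session_findings(s_client_output):
    """Parse the SSL-Session block of `openssl s_client` output and grade it."""
    proto = re.search(r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)", s_client_output, re.M)
    cipher = re.search(r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)", s_client_output, re.M)
    if not proto or not cipher:
        raise ValueError("no SSL-Session block found")
    if cipher.group(1) == "0000":  # s_client prints 0000 when no cipher was negotiated
        raise ValueError("handshake did not complete")
    found = cipher_findings(cipher.group(1))
    if proto.group(1) in DEPRECATED_PROTOCOLS:
        found.insert(0, "deprecated-protocol:" + proto.group(1))
    return found
```
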