				@@ -141,13 +141,14 @@ see tor-design.pdf. 
				  
				 2. Connections 
				  
				-   Tor uses TLS for link authentication and encryption.  All implementations 
				-   MUST support 
				-   the TLS ciphersuite "TLS_EDH_RSA_WITH_DES_192_CBC3_SHA", and SHOULD 
				-   support "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available. 
				-   Implementations MAY support other ciphersuites, but MUST NOT 
				-   support any suite without ephemeral keys, symmetric keys of at 
				-   least KEY_LEN bits, and digests of at least HASH_LEN bits. 
				+   Tor uses TLS/SSLv3 for link authentication and encryption.  All 
				+   implementations MUST support the SSLv3 ciphersuite 
				+   "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", and SHOULD support the TLS 
				+   ciphersuite "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available. 
				+   Implementations MAY support other TLS ciphersuites, but MUST NOT 
				+   support any suite that lacks ephemeral keys, or whose symmetric keys are 
				+   less then KEY_LEN bits, or whose digests are less than HASH_LEN bits. 
				+   Implementations SHOULD NOT allow other SSLv3 ciphersuites. 
				  
				    Even though the connection protocol is identical, we will think of the 
				    initiator as either an onion router (OR) if it is willing to relay 
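
Review bot: The added last sentence, "Implementations SHOULD NOT allow other SSLv3 ciphersuites", is weaker than the MUST NOT two sentences earlier, and because that MUST NOT now follows "MAY support other TLS ciphersuites" it can be read as covering TLS suites only, which would leave an SSLv3 suite without ephemeral keys merely discouraged rather than forbidden. Suggest stating the ephemeral-key, KEY_LEN and HASH_LEN floor as applying to every suite an implementation will negotiate, whatever the protocol version, and then giving the SSLv3 restriction as a separate sentence. The opening "TLS/SSLv3" also does not say which protocol versions an implementation must accept or refuse, so a sentence on that would help implementers decide what to offer in the handshake. Minor: "less then KEY_LEN bits" should read "less than KEY_LEN bits".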