Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 175b2678d7
Branches Tags
tor
/
changes
/
tls_ecdhe

tls_ecdhe 1.2 KB
History Raw

123456789101112131415161718192021222324 
  1.   o Major features:
    2. 

  2. 

  3.     - Servers can now enable the ECDHE TLS ciphersuites when
    4. 

  4.       available and appropriate. These ciphersuites, when used with
    5. 

  5.       the P-256 elliptic curve, let us negotiate forward-secure TLS
    6. 

  6.       secret keys more safely and more efficiently than with our
    7. 

  7.       previous use of Diffie Hellman modulo a 1024-bit prime.
    8. 

  8. 

  9.       Enabling these ciphers was a little tricky, since for a long
    10. 

  10.       time, clients had been claiming to support them without
    11. 

  11.       actually doing so, in order to foil fingerprinting. But with
    12. 

  12.       the client-side implementation of proposal 198 in
    13. 

  13.       0.2.3.17-beta, clients can now match the ciphers from recent
    14. 

  14.       firefox versions *and* list the ciphers they actually mean, so
    15. 

  15.       servers can believe such clients when they advertise ECDHE
    16. 

  16.       support in their TLS ClientHello messages.
    17. 

  17. 

  18.       This feature requires clients running 0.2.3.17-beta or later,
    19. 

  19.       and requires both sides to be running OpenSSL 1.0.0 or later
    20. 

  20.       with ECC support. OpenSSL 1.0.1, with the compile-time option
    21. 

  21.       "enable-ec_nistp_64_gcc_128", is highly recommended.
    22. 

  22.       Implements the server side of proposal 198; closes ticket
    23. 

  23.       7200.
    24. 

  24.