tor2web / Tor2web

Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers
https://www.tor2web.org
GNU Affero General Public License v3.0

Update cipher list to those from weakdh.org #284

Open filternetz opened 8 years ago

filternetz commented 8 years ago

At the moment, only 2 specific ciphers are enabled. We consider updating that to a more up-to-date list of ciphers and disabling any others.

https://weakdh.org/sysadmin.html

http://secure.sourcesure.eu is running with this at the moment.

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA

evilaliv3 commented 8 years ago

Thanks @filternetz

I will redo a recheck on the difference and let you know.

fpietrosanti commented 8 years ago

It shall be configurable from tor2web.conf

evilaliv3 commented 8 years ago

It is, @fpietrosanti; so?

@filternetz is simply proposing to update the list with the latest strong one; given that our selection is from some years ago, it's possible that it should be re-validated.

filternetz commented 8 years ago

Indeed, I'm proposing to update the list by default; a sysadmin is still able to update it through tor2web. So nothing changes there; merely, an updated list of ciphers is always a good thing.

Data hygiene ;-)
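
An added example (not part of the issue thread or of Tor2web's code): a Python sketch that groups the tokens of the cipher string posted above by key exchange and asks the local OpenSSL which suites it actually enables. `classify`, `audit` and `expand` are hypothetical helper names, and the categories follow OpenSSL's suite naming for the tokens in this list only.

```python
import ssl
from collections import Counter

# Cipher string exactly as proposed in the issue above.
PROPOSED = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:"
    "DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:"
    "AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:"
    "AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA"
)

def classify(token):
    """Label one OpenSSL cipher-string token (hypothetical helper)."""
    if token[0] in "!-+":
        return "modifier"      # exclusion / removal / reordering
    if "DES-CBC3" in token:
        return "3des"
    if token.startswith(("ECDHE-", "kEECDH")):
        return "ecdhe"         # forward secrecy, elliptic-curve DH
    if token.startswith(("DHE-", "kEDH", "kDHE")):
        return "dhe"           # forward secrecy, depends on server DH params
    if "-" not in token:
        return "alias"         # group name such as AES or CAMELLIA
    return "static-rsa"        # RSA key exchange, no forward secrecy

def audit(cipher_string):
    """Count tokens per category across the whole string."""
    return Counter(classify(t) for t in cipher_string.split(":") if t)

def expand(cipher_string):
    """Suites the local OpenSSL build really enables for this string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)   # unknown names are skipped silently
    return [c["name"] for c in ctx.get_ciphers()]

if __name__ == "__main__":
    print(dict(audit(PROPOSED)))
    enabled = expand(PROPOSED)
    print(len(enabled), "suites enabled locally, e.g.", enabled[:3])
```

The output of `expand()` depends on the OpenSSL build Python is linked against, and it also lists TLS 1.3 suites, which this cipher string does not control.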