Opened 6 years ago

Last modified 22 months ago

#11154 new defect

Tor TLS and Security Cipher

Reported by: ZeroCool Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: needs-triage
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

running the how's my ssl check the tor browser rated bad, the reason the tor browser is using old tls settings and old security cipers,

In the next update please set the minimum tls to 2 and the maximum to 3 in about:config for security.tls.version this makes the minimum tls 1.1 and my max tls 1.2.

Also please disable use of insecure cipher suites security.ssl3.rsa_fips_des_ede3_sha in about:config

Child Tickets

Change History (5)

comment:1 Changed 6 years ago by ZeroCool

Summary: Tor Security CipherTor TLS and Security Cipher

comment:2 Changed 5 years ago by kat

Just stumbled across this issue myself, good to see it logged. The latest Firefox (29.0.1) provides an almost identical fix as listed above, with the only difference being that it leaves the minimum TLS version at 0

Is there a way that I can contribute to fixing this? Submit a diff? (How?) Log in somewhere and change a config then submit for approval? Something else?

Happy to contribute where I can.

comment:3 Changed 5 years ago by erinn

Keywords: needs-triage added

comment:4 Changed 4 years ago by cypherpunks

Component: Tor bundles/installationTor Browser
Owner: changed from erinn to tbb-team

comment:5 Changed 22 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.