Opened 7 years ago

Closed 10 months ago

#9345 closed enhancement (wontfix)

enabling only the strongest ciphers in the tor browser to make cryptanalysis harder

Reported by: rainbowanon
Owned by: tbb-team
Priority: High
Milestone:
Component: Applications/Tor Browser
Version: Tor: unspecified
Severity: Normal
Keywords: encryption, https, cipher, suite, tbb-torbutton
Cc: g.koppen@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


I suggest disabling weak ciphers in the Tor Browser and enabling only the strongest cipher suites, forcing HTTPS websites to use only the strongest encryption when communicating via HTTPS with the Tor Browser.
How to do it:
1- Open the browser
2- Type "about:config"
3- Type "SSL3" in the search box
4- Among the search results are all the cipher suites the browser utilizes
5- Double-click on the (weak) ciphers you want to disable (like all the ones containing "128")
Now connect to any HTTPS website (like Facebook) and click the lock icon and see the cipher used.
Results and importance:
We all know now that weak ciphers are either already broken or are very close to being cracked. So using the strongest ciphers will make cryptanalysis performed by bad ExitNodes much, much harder (if not entirely impossible) to result in anything harmful to Tor users.

Child Tickets

#9364 (enhancement, closed, tbb-team): Enabling only RSA and Elliptic Curve Diffie–Hellman key exchange (ECDHE)

Change History (6)

comment:1 Changed 7 years ago by nickm

Component: Tor → TorBrowserButton
Owner: set to mikeperry
Priority: critical → major

comment:2 Changed 7 years ago by gk

Cc: g.koppen@… added

comment:3 Changed 6 years ago by erinn

Component: TorBrowserButton → Tor Browser
Keywords: tbb-torbutton added
Owner: changed from mikeperry to tbb-team

comment:4 Changed 6 years ago by nickm

Milestone: Tor: unspecified

Removing tickets with non-Tor components from "Tor:Unspecified"

comment:5 Changed 3 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:6 Changed 10 months ago by gk

Resolution: wontfix
Status: new → closed

I don't think just enabling the strongest ciphers is the way to go.
