Opened 4 years ago

Last modified 12 days ago

#9345 new enhancement

enabling only the strongest ciphers in the tor browser to make cryptanalysis harder

Reported by: rainbowanon Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version: Tor: unspecified
Severity: Normal Keywords: encryption, https, cipher, suite, tbb-torbutton
Cc: g.koppen@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I suggest disabling weak ciphers in the Tor Browser and enabling only the strongest cipher suites forcing HTTPS websites to use only the strongest encryption when communicating via HTTPS with the Tor Browser.
How to do it:
1-open the browser
2-type "about:config"
3-type "SSL3" in the search box
4-among the search results are all the cipher suites the browser utilities
5-double click on the (weak) ciphers you want to disable (like all the ones containing "128")
VOILA!
Now connect to any HTTPS website (like Facebook) and click the lock icon and see the cipher used.
Results and importance:
We all know now that weak ciphers are either already broken or are very close to being cracked. So using the strongest ciphers will make cryptanalysis performed by bad ExitNodes much much harder (if not entirely impossible) to result in anything harmful to Tor users.

Child Tickets

TicketTypeStatusOwnerSummary
#9364enhancementclosedtbb-teamEnabling only RSA and Elliptic Curve Diffie–Hellman key exchange (ECDHE)

Change History (5)

comment:1 Changed 4 years ago by nickm

Component: TorTorBrowserButton
Owner: set to mikeperry
Priority: criticalmajor

comment:2 Changed 4 years ago by gk

Cc: g.koppen@… added

comment:3 Changed 3 years ago by erinn

Component: TorBrowserButtonTor Browser
Keywords: tbb-torbutton added
Owner: changed from mikeperry to tbb-team

comment:4 Changed 3 years ago by nickm

Milestone: Tor: unspecified

Removing tickets with non-Tor components from "Tor:Unspecified"

comment:5 Changed 12 days ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.