Opened 6 years ago

Closed 3 years ago

#9364 closed enhancement (invalid)

Enabling only RSA and Elliptic Curve Diffie–Hellman key exchange (ECDHE)

Reported by: VladimirTimoshkin60 Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #9345 Points:
Reviewer: Sponsor:

Description

How:
go to about:config
search "SSL3"
Among what you see are the key exchange protocols
double click on DH protocols and leave ECDHE and RSA intact.
Result:
-Forcing secure websites to use either RSA or ECDHE for key exchange (the most secure key exchange protocols)
-Disabling Diffie-Hellman key exchange protocol (considered less secure than those mentioned above).
PS: ECDHE is even more secure than RSA, so you might want to consider disabling RSA too.

Child Tickets

Change History (2)

comment:1 Changed 5 years ago by erinn

Component: TorBrowserButtonTor Browser
Keywords: tbb-torbutton added
Owner: changed from mikeperry to tbb-team

comment:2 Changed 3 years ago by bugzilla

Keywords: Cipher ECDHE RSA HTTPS encryption DH tbb-torbutton removed
Resolution: invalid
Severity: Normal
Status: newclosed

It's not an enhancement - it will be a compatibility problem. ECC is not so good as you think.

Note: See TracTickets for help on using tickets.