Elevate server TLS cipher preferences over client

The server cipher list is (thanks to #11513) chosen systematically to put the best choices for Tor first. The client cipher list is chosen to resemble a browser. So let's set SSL_OP_CIPHER_SERVER_PREFERENCE to have the servers pick according to their own preference order.
author: Nick Mathewson <nickm@torproject.org> 2014-04-17 10:23:18 -0400
committer: Nick Mathewson <nickm@torproject.org> 2014-04-17 10:33:04 -0400
commit: 0b319de60f7c80ab5c37c57af182f4f710ceb5b7 (patch)
tree: fdb58d36fe21c7f5268475cd95c3f54b6c64e9eb /changes
parent: f3c20a28ab50386064043cc31edb3b1b543d6fc6 (diff)
download: tor-0b319de60f7c80ab5c37c57af182f4f710ceb5b7.tar
tor-0b319de60f7c80ab5c37c57af182f4f710ceb5b7.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/changes/ticket11528 b/changes/ticket11528
new file mode 100644
index 000000000..15daad995
--- /dev/null
+++ b/changes/ticket11528
@@ -0,0 +1,6 @@
+  o Minor features:
+    - Servers now trust themselves to have a better view than clients of
+      which TLS ciphersuites to choose. (Thanks to #11513, the server
+      list is now well-considered, whereas the client list has been
+      chosen mainly for anti-fingerprinting purposes.) Resolves ticket
+      11528.
author	Nick Mathewson <nickm@torproject.org>	2014-04-17 10:23:18 -0400
committer	Nick Mathewson <nickm@torproject.org>	2014-04-17 10:33:04 -0400
commit	0b319de60f7c80ab5c37c57af182f4f710ceb5b7 (patch)
tree	fdb58d36fe21c7f5268475cd95c3f54b6c64e9eb /changes
parent	f3c20a28ab50386064043cc31edb3b1b543d6fc6 (diff)
download	tor-0b319de60f7c80ab5c37c57af182f4f710ceb5b7.tar tor-0b319de60f7c80ab5c37c57af182f4f710ceb5b7.tar.gz