author | Nick Mathewson <nickm@torproject.org> | 2013-09-19 10:40:41 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2013-10-08 16:32:07 -0400 |
commit | 72c1e5acfe1c6f04f4d7d398fc4a964d4bc5b62e (patch) | |
tree | 1ce001a115af1a80b1cf6d8103a2e6bcc7ba73c4 /changes | |
parent | fa1034cd999f19a50e6183dac6c65b3acaefe856 (diff) | |
Switch ECDHE group default logic for bridge/relay TLS

According to the manpage, bridges use P256 for conformity and relays
use P224 for speed. But skruffy points out that we've gotten it
backwards in the code.

In this patch, we make the default P256 for everybody.

Fixes bug 9780; bugfix on 0.2.4.8-alpha.
Diffstat (limited to 'changes')
-rw-r--r-- | changes/bug9780 | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/bug9780 b/changes/bug9780 new file mode 100644 index 000000000..3cb51bd52 --- /dev/null +++ b/changes/bug9780 @@ -0,0 +1,8 @@ + o Minor bugfixes (performance, fingerprinting): + - Our default TLS ecdhe groups were backwards: we meant to be using + P224 for relays (for performance win) and P256 for bridges (since + it is more common in the wild). Instead we had it backwards. After + reconsideration, we decided that the default should be P256 on all + hosts, since its security is probably better, and since P224 is + reportedly used quite little in the wild. Found by "skruffy" on + IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha. |
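Review bot: The new changes/bug9780 entry never says which hosts actually see different behaviour after upgrading, and an operator has to work it out from "Instead we had it backwards". If the defaults were swapped, relays were already on P256 and bridges were on P224, so switching the default to P256 on all hosts only changes bridges. Consider adding one sentence to that effect, since the entry is filed under "performance, fingerprinting" and the fingerprinting-relevant part is exactly that bridges move off the group that is "reportedly used quite little in the wild". The sentence "Instead we had it backwards." also repeats the opening clause ("were backwards") and could be dropped. This diff view is limited to 'changes', so the code that flips the default is not visible here and cannot be checked against the entry's wording.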