author Nick Mathewson <nickm@torproject.org> 2007-03-01 04:08:23 +0000
committer Nick Mathewson <nickm@torproject.org> 2007-03-01 04:08:23 +0000
commit cbab0530c6f9d08b6037feb9d89ae6ee3dba59c1 (patch)
tree e64a4160313fa8396dc546055ddaad67e9ead7d8 /doc
parent a46bd9942df2e26237ddf9ce0acc5ff4b9a78e2a (diff)
r12023@catbus: nickm | 2007-02-28 23:08:20 -0500
Embarrassing that the number one hit for TLS_EDH_RSA_WITH_DES_192_CBC3_SHA was somebody trying to figure out what we meant when we said it. Replace with something real, and clarify that sometimes "TLS" means "SSLv3". svn:r9699
Diffstat (limited to 'doc')
-rw-r--r-- doc/spec/tor-spec.txt 15
1 files changed, 8 insertions, 7 deletions
diff --git a/doc/spec/tor-spec.txt b/doc/spec/tor-spec.txt
index 672ecce41..21983cc1c 100644
--- a/doc/spec/tor-spec.txt
+++ b/doc/spec/tor-spec.txt
@@ -141,13 +141,14 @@ see tor-design.pdf.
2. Connections
- Tor uses TLS for link authentication and encryption. All implementations
- MUST support
- the TLS ciphersuite "TLS_EDH_RSA_WITH_DES_192_CBC3_SHA", and SHOULD
- support "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available.
- Implementations MAY support other ciphersuites, but MUST NOT
- support any suite without ephemeral keys, symmetric keys of at
- least KEY_LEN bits, and digests of at least HASH_LEN bits.
+ Tor uses TLS/SSLv3 for link authentication and encryption. All
+ implementations MUST support the SSLv3 ciphersuite
+ "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", and SHOULD support the TLS
+ ciphersuite "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" if it is available.
+ Implementations MAY support other TLS ciphersuites, but MUST NOT
+ support any suite that lacks ephemeral keys, or whose symmetric keys are
+ less then KEY_LEN bits, or whose digests are less than HASH_LEN bits.
+ Implementations SHOULD NOT allow other SSLv3 ciphersuites.
Even though the connection protocol is identical, we will think of the
initiator as either an onion router (OR) if it is willing to relay
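Review bot: In the added MUST NOT sentence, "less then KEY_LEN bits" should read "less than KEY_LEN bits", matching "less than HASH_LEN bits" later in the same sentence. The scope of that sentence is also ambiguous after this change: it now opens with "other TLS ciphersuites", while other SSLv3 suites are covered only by the new SHOULD NOT line, so a reader cannot tell whether the ephemeral-key, KEY_LEN and HASH_LEN floor binds an implementation that does allow another SSLv3 suite. Consider stating the MUST NOT as applying to any suite regardless of protocol version, and keeping the SHOULD NOT for SSLv3 as an additional restriction on top of it.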