#21005: Enforce Stronger Ciphers in Tor Messenger --------------------------------------------+--------------------------- Reporter: cypherpunks | Owner: Type: enhancement | Status: new Priority: Medium | Milestone: Component: Applications/Tor Messenger | Version: Severity: Normal | Keywords: Tor Messenger Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | --------------------------------------------+--------------------------- In considering to limit the standard ciphers to the ones recommended in RFC 7525 from 2015 for torbirdy (ticket:20751), and to minimize the risk of downgrade attacks, it might be advisable to find a similar solution for tor messenger, too. (Maybe even a similar way of handling exceptions in the UX)
Therefor I suggest the following standard settings (torbirdy, ticket:20751) 1. tls version 1.2 (RFC 5246 from 2008, tls version 1.3 is is going to be introduced next year) {{{security.tls.version.min = 3}}} 2. recommended ciphers in accordance to RFC 7525 (from 2015) {{{security.ssl3.* false}}} {{{security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 true}}} {{{security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 true}}} 3. Prevent Insecure Recognition {{{security.ssl.require_safe_negotiation true}}} {{{security.ssl.treat_unsafe_negotiation_as_broken true}}} 4. Certificate Pinning {{{security.cert_pinning.enforcement_level = 2}}} ticket:16494#comment:5 suggests to implement a tbb like slider for Tor Messenger and to enforce a stronger set of ciphers just for the higher security settings. As explained in https://blog.torproject.org/blog/tor- messenger-030b1-released#comment-220689 to follow the recommendations of the last RFCs tls version 1.2 has to be used (otherwise the recommended ciphers can't be used). Today, most XMPP server support TLS version 1.2 and are able to use modern ciphers, allowing a downgrade of the ciphers just allows downgrade attacks and weakens the overall security. Ie, an user should not enforce stronger ciphers by setting a higher security level, instead he should get a message in the moment the the server doesn't support the (stronger) standard cipher than he can decide what to do, ie either to use a different XMPP server (a server that doesn't support tls v 1.2 in 2017, is just a bad choice and the server owner might just do a bad job and even save password as md5 hash etc) or deliberately use the xmpp sever (if the server used to support stronger encryption and stops to do so, the user might even know that something is going wrong) -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21005> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs