[or-cvs] r13666: Enable v2 handshakes. (in tor/trunk: . doc/spec/proposals src/common)
Author: nickm
Date: 2008-02-21 17:14:32 -0500 (Thu, 21 Feb 2008)
New Revision: 13666
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/doc/spec/proposals/130-v2-conn-protocol.txt
tor/trunk/src/common/tortls.c
Log:
r14379@tombo: nickm | 2008-02-21 17:14:24 -0500
Enable v2 handshakes.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r14379] on 49666b30-7950-49c5-bedf-9dc8f3168102
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-02-21 21:57:47 UTC (rev 13665)
+++ tor/trunk/ChangeLog 2008-02-21 22:14:32 UTC (rev 13666)
@@ -5,6 +5,14 @@
for bridge users. Also do this for people who set StrictEntryNodes.
- When a TrackHostExits-chosen exit fails too many times in a row,
stop using it. Bugfix on 0.1.2.x. Fixes bug 437.
+ - Enable the revised TLS handshake based on the one designed by
+ Steven Murdoch in proposal 124, as revised in proposal 130. It
+ includes version negotiation for OR connections as described in
+ proposal 105. The new handshake is meant to be harder for
+ censors to fingerprint, and it adds the ability to detect
+ certain kinds of man-in-the-middle traffic analysis attacks.
+ The version negotiation feature will allow us to improve Tor's
+ link protocol more safely in the future.
o Major bugfixes:
- Resolved problems with (re-)fetching hidden service descriptors.
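Review bot: the entry describes the security goals of the new handshake ("harder for censors to fingerprint", "detect certain kinds of man-in-the-middle traffic analysis attacks") but not its operational consequences, which is what an operator reading the ChangeLog needs: the tortls.c hunk in this same commit turns the handshake on with two compile-time macros (`#define V2_HANDSHAKE_SERVER` / `#define V2_HANDSHAKE_CLIENT`) and no torrc option, so the entry should state that there is no runtime switch and what happens on a connection to a peer that does not speak v2 (the proposal 105 version negotiation mentioned here is presumably the fallback path, but say so). Naming which "certain kinds" of MITM are detectable would also make the claim checkable against proposals 124 and 130.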
Modified: tor/trunk/doc/spec/proposals/130-v2-conn-protocol.txt
===================================================================
--- tor/trunk/doc/spec/proposals/130-v2-conn-protocol.txt 2008-02-21 21:57:47 UTC (rev 13665)
+++ tor/trunk/doc/spec/proposals/130-v2-conn-protocol.txt 2008-02-21 22:14:32 UTC (rev 13666)
@@ -17,7 +17,6 @@
Proposal 124: Blocking resistant TLS certificate usage
It refers to aspects of:
Proposal 105: Version negotiation for the Tor protocol
- Proposal 110: Avoid infinite length circuits
In summary, The Tor connection protocol has been in need of a redesign
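Review bot: dropping "Proposal 110: Avoid infinite length circuits" from the "It refers to aspects of" list is consistent with the RELAY_EARLY paragraph removed from this document later in the same change, but a reader of proposal 130 is now left with no pointer to where RELAY_EARLY handling for v2 connections is specified; a one-line note here that RELAY_EARLY behaviour is covered by proposal 110 / tor-spec.txt would keep the cross-references intact. Minor, in the surviving context line: "In summary, The Tor connection protocol" has a stray capital on "The".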
@@ -183,8 +182,4 @@
as in proposal 105, and communications begin as per tor-spec.txt.
Until NETINFO cells have been exchanged, the connection is not open.
- RELAY_EARLY cells are accepted as in proposal 110, and treated as
- RELAY cells except that they are relayed as RELAY_EARLY if the next
- host in the circuit has negotiated v2 or later; otherwise, not.
- Command value 9 is used for RELAY_EARLY.
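Review bot: removing this paragraph also removes the only assignment of "Command value 9 is used for RELAY_EARLY" visible in this document; before landing, confirm that the cell command value 9 is assigned in proposal 110 or tor-spec.txt, otherwise the number is specified nowhere and two implementations could pick different values. Likewise the rule that RELAY_EARLY is only forwarded as RELAY_EARLY when "the next host in the circuit has negotiated v2 or later" is a version-dependent behaviour that belongs with the v2 negotiation description unless it has an explicit home elsewhere.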
Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c 2008-02-21 21:57:47 UTC (rev 13665)
+++ tor/trunk/src/common/tortls.c 2008-02-21 22:14:32 UTC (rev 13666)
@@ -42,8 +42,10 @@
#include "ht.h"
#include <string.h>
-// #define V2_HANDSHAKE_SERVER
-// #define V2_HANDSHAKE_CLIENT
+/* Enable the "v2" TLS handshake.
+ */
+#define V2_HANDSHAKE_SERVER
+#define V2_HANDSHAKE_CLIENT
/* Copied from or.h */
#define LEGAL_NICKNAME_CHARACTERS \
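Review bot: the two macros are now hard-coded on in tortls.c, so the only way to disable the v2 handshake (for example to bisect an interoperability regression against relays that do not speak it) is to edit the source and rebuild; consider exposing this as a configure-time option, or at least a single macro instead of two that must be kept in sync. The new comment, `/* Enable the "v2" TLS handshake. */`, should say what each macro controls (the server-side versus the client-side code path) and point at proposals 124/130 so the next reader does not have to grep for the ifdefs. Style: the comment fits on one line rather than two.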