
[or-cvs] r13666: Enable v2 handshakes. (in tor/trunk: . doc/spec/proposals src/common)
Author: nickm
Date: 2008-02-21 17:14:32 -0500 (Thu, 21 Feb 2008)
New Revision: 13666

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/doc/spec/proposals/130-v2-conn-protocol.txt
   tor/trunk/src/common/tortls.c
Log:
 r14379@tombo:  nickm | 2008-02-21 17:14:24 -0500
 Enable v2 handshakes.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r14379] on 49666b30-7950-49c5-bedf-9dc8f3168102

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-02-21 21:57:47 UTC (rev 13665)
+++ tor/trunk/ChangeLog	2008-02-21 22:14:32 UTC (rev 13666)
@@ -5,6 +5,14 @@
       for bridge users. Also do this for people who set StrictEntryNodes.
     - When a TrackHostExits-chosen exit fails too many times in a row,
       stop using it.  Bugfix on 0.1.2.x.  Fixes bug 437.
+    - Enable the revised TLS handshake based on the one designed by
+      Steven Murdoch in proposal 124, as revised in proposal 130.  It
+      includes version negotiation for OR connections as described in
+      proposal 105.  The new handshake is meant to be harder for
+      censors to fingerprint, and it adds the ability to detect
+      certain kinds of man-in-the-middle traffic analysis attacks.
+      The version negotiation feature will allow us to improve Tor's
+      link protocol more safely in the future.
 
   o Major bugfixes:
     - Resolved problems with (re-)fetching hidden service descriptors.
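Review bot: the new entry is inserted into the section immediately above "o Major bugfixes:", yet the neighbouring entries in that section read like bugfixes themselves ("Bugfix on 0.1.2.x. Fixes bug 437."), so double-check it is filed under a features heading and not appended to a bugfix list. The phrase "certain kinds of man-in-the-middle traffic analysis attacks" is also too vague for a release note; a pointer to the section of proposal 130 that describes the check would let operators judge the claim. Finally, since the tortls.c change in this same commit switches the handshake on at compile time with no torrc option to fall back to the old one, it is worth saying so here, as that is what an operator hitting interoperability trouble will need to know.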

Modified: tor/trunk/doc/spec/proposals/130-v2-conn-protocol.txt
===================================================================
--- tor/trunk/doc/spec/proposals/130-v2-conn-protocol.txt	2008-02-21 21:57:47 UTC (rev 13665)
+++ tor/trunk/doc/spec/proposals/130-v2-conn-protocol.txt	2008-02-21 22:14:32 UTC (rev 13666)
@@ -17,7 +17,6 @@
        Proposal 124: Blocking resistant TLS certificate usage
     It refers to aspects of:
        Proposal 105: Version negotiation for the Tor protocol
-       Proposal 110: Avoid infinite length circuits
 
 
   In summary, The Tor connection protocol has been in need of a redesign
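Review bot: dropping "Proposal 110: Avoid infinite length circuits" from the "It refers to aspects of:" list removes the only cross-reference telling a reader of proposal 130 where RELAY_EARLY handling is specified, and the later hunk in this file deletes the RELAY_EARLY paragraph as well. Consider keeping a one-line note that RELAY_EARLY handling is specified by proposal 110 rather than here, so the two proposals do not appear to disagree about whether the mechanism still applies to v2 connections.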
@@ -183,8 +182,4 @@
    as in proposal 105, and communications begin as per tor-spec.txt.
    Until NETINFO cells have been exchanged, the connection is not open.
 
-   RELAY_EARLY cells are accepted as in proposal 110, and treated as
-   RELAY cells except that they are relayed as RELAY_EARLY if the next
-   host in the circuit has negotiated v2 or later; otherwise, not.
-   Command value 9 is used for RELAY_EARLY.
 
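Review bot: removing the RELAY_EARLY paragraph with no replacement leaves proposal 130 silent on whether "Command value 9" and the rule that a cell is relayed as RELAY_EARLY only if the next hop negotiated v2 or later still hold on v2 connections; an implementer reading only this proposal could conclude the rule was withdrawn. A single sentence deferring to proposal 110 (or tor-spec.txt) would avoid that. Minor: the deletion leaves two consecutive blank lines at the end of the section (the context line after "the connection is not open." plus the one that followed the removed paragraph); trim one.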

Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c	2008-02-21 21:57:47 UTC (rev 13665)
+++ tor/trunk/src/common/tortls.c	2008-02-21 22:14:32 UTC (rev 13666)
@@ -42,8 +42,10 @@
 #include "ht.h"
 #include <string.h>
 
-// #define V2_HANDSHAKE_SERVER
-// #define V2_HANDSHAKE_CLIENT
+/* Enable the "v2" TLS handshake.
+ */
+#define V2_HANDSHAKE_SERVER
+#define V2_HANDSHAKE_CLIENT
 
 /* Copied from or.h */
 #define LEGAL_NICKNAME_CHARACTERS \
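Review bot: defining V2_HANDSHAKE_SERVER and V2_HANDSHAKE_CLIENT unconditionally means the only way to revert to the old handshake is to edit the source and rebuild. If the #ifdef'd code paths are meant to stay, drive these macros from a configure flag so a rollback does not require a source patch; if they are not, remove the ifdefs rather than leave a dead configuration that can silently diverge. The comment could also name the specs, e.g. `/* Enable the "v2" TLS handshake (proposals 124/130; version negotiation per proposal 105). */`, so a reader of tortls.c can find the protocol definition without the ChangeLog.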