[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r13117: minor tweaks of the v2-conn-protocol text (tor/trunk/doc/spec/proposals/ideas)
Author: arma
Date: 2008-01-12 14:50:52 -0500 (Sat, 12 Jan 2008)
New Revision: 13117
Modified:
tor/trunk/doc/spec/proposals/ideas/xxx-v2-conn-protocol.txt
Log:
minor tweaks of the v2-conn-protocol text
Modified: tor/trunk/doc/spec/proposals/ideas/xxx-v2-conn-protocol.txt
===================================================================
--- tor/trunk/doc/spec/proposals/ideas/xxx-v2-conn-protocol.txt 2008-01-12 18:07:10 UTC (rev 13116)
+++ tor/trunk/doc/spec/proposals/ideas/xxx-v2-conn-protocol.txt 2008-01-12 19:50:52 UTC (rev 13117)
@@ -41,7 +41,8 @@
The version of the Tor connection protocol implemented up to now is
"version 1". This proposal describes "version 2".
- "Old" or "Older" versions of Tor are ones not aware of this protocol;
+ "Old" or "Older" versions of Tor are ones not aware that version 2
+ of this protocol exists;
"New" or "Newer" versions are ones that are.
The connection initiator is referred to below as the Client; the
@@ -81,14 +82,14 @@
coming from a Tor server. The server does not ask the client for
certificates.
- Old Servers will (mostly) ignore the cipher list respond as in the v1
- protocol, and send back a two-certificate chain.
+ Old Servers will (mostly) ignore the cipher list and respond as in the v1
+ protocol, sending back a two-certificate chain.
After the Client gets a response from the server, it checks for the
- number of certificates. If there are two certificates, the client
- assumes a V1 connection and proceeds as in tor-spec.txt. But if there
- is only one certificate, the client assumes a V2 or later protocol and
- continues.
+ number of certificates it received. If there are two certificates,
+ the client assumes a V1 connection and proceeds as in tor-spec.txt.
+ But if there is only one certificate, the client assumes a V2 or later
+ protocol and continues.
At this point, the client has established a TLS connection with the
server, but the parties have not been authenticated: the server hasn't
@@ -131,9 +132,13 @@
SSL_MODE_NO_AUTO_CHAIN flag and sets the callback as for the V1
protocol. It then starts reading.
-
The other problem to take care of is missing ciphers and OpenSSL's
- cipher sorting algorithms. [XXXX more on this.]
+ cipher sorting algorithms. The two main issues are a) OpenSSL doesn't
+ support some of the default ciphers that Firefox advertises, and b)
+ OpenSSL sorts the list of ciphers it offers in a different way than
+ Firefox sorts them, so unless we fix that Tor will still look different
+ than Firefox.
+ [XXXX more on this.]
1.2. Compatibility for clients using libraries less hackable than OpenSSL.