[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Re: Post-Quantum Cryptography in Tor's TLS Layer: Help needed!

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Re: Post-Quantum Cryptography in Tor's TLS Layer: Help needed!
From: Alexander Hansen Færøy via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 2 Mar 2026 14:29:41 +0100
Cc: Alexander Hansen Færøy <ahf@xxxxxxxxxxxxxx>
In-reply-to: <20260301111234.00006133@quantentunnel.de>
List-id: "support and questions about running Tor relays (exit, non-exit, bridge)" <tor-relays.lists.torproject.org>
References: <02da1ac4-c6ea-4163-9ab8-361ecf26a1c2@torproject.org> <20260301111234.00006133@quantentunnel.de>
Reply-to: "support and questions about running Tor relays (exit, non-exit, bridge)" <tor-relays@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird

Hey Felix,

On 01/03/2026 11.12, Felix via tor-relays wrote:

Hey

Thanks for the excellent work.

Out of 9476 scanned relays, ... , 291 were unreachable.


An interesting number for two reasons:

i. Mine are in that group of unreachable relays, still :( Going to bump
to Libressl 4.3.0 as soon as it is available :) - and functional.

ii. Is it fair to suggest that a max of 291 relays use Libressl out
of the 9476 being scanned? Besides Libressl is later than Openssl, how
do we look at this proportion, is it worth to increase the slice?

Yesterday, when I tried to reply to your email, I wrote a longer message abouthow the 291 number roughly matches what I saw in my earlier scan in January(~198 relays that were unreachable). While writing the mail, I tried toreproduce the result by only scanning George's Serge Bridge Authority relay,which I know is OpenBSD with LibreSSL, but I was unable to reach it at all.

It turns out you likely found a bug in our new PQC handshake code! When I usethe initial version of the scanner, which uses another crypto provider for thePQC, it works! We'll get this fixed, but this issue also made me run a new fullnetwork scan with the old crypto provider here. This scan had no errors from theTLS layer. The results are available at https://ahf.me/tor-tls-pqc/2026-03-01/


Good catch here, Felix!

With regard to whether it's a good idea to have a larger proportion of thenetwork based on LibreSSL, I will fall back on my usual thought on the networkdiversity question, which is that operators should use what they are mostcomfortable with :-)


The summary of yesterday's scan is as follows:

Scan Stats:
  - 9562 relays were reachable.
  - 158 relays were unreachable.

Cipher Suites:
  - `TLS13_AES_256_GCM_SHA384`: 9352.
  - `TLS13_CHACHA20_POLY1305_SHA256`: 165.
  - `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`: 39.
  - `TLS13_AES_128_GCM_SHA256`: 6.

Key Exchange Groups:
  - `X25519`: 5350.
  - `X25519MLKEM768`: 3313.
  - `secp256r1`: 899.

Directory Authorities:
  - 10 out of 10 were reachable.
  - `TLS13_AES_256_GCM_SHA384` was used by all 10.
  - `X25519` was used by 5, and `X25519MLKEM768` was used by 5.

3313 / 9562 * 100.0 = 34.65% of relays are supporting the `X25519MLKEM768` PQChandshake in the network right now.


Again, thanks for catching this, Felix!

Cheers,
Alex

--
Alexander Hansen Færøy
_______________________________________________
tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx

References:
- [tor-relays] Re: Post-Quantum Cryptography in Tor's TLS Layer: Help needed!
  - From: Felix via tor-relays

Next by Author: [tor-relays] Hetzner abuse reports
Previous by thread: [tor-relays] Re: Post-Quantum Cryptography in Tor's TLS Layer: Help needed!
Next by thread: [tor-relays] Re: Post-Quantum Cryptography in Tor's TLS Layer: Help needed!
Index(es):
- Author
- Thread