[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Tor 2.6.10 fails to generate fresh DH Keys



>Bug: Assertion r == 0 failed in crypto_generate_dynamic_dh_modulus at ../src/common/crypto.c:1788.
>

Looks like you have DynamicDHGroups enabled
in your torrc file.

This is interesting because the recent
LogJam research indicates the NSA
has probably broken commonly used 1024
bit DH groups, which suggests turning
on this parameter.

However it was disabled by default some
time ago for anti-fingerprinting reasons:

https://trac.torproject.org/projects/tor/ticket/5598

AND, it's probably a moot issue now that Ntor
handshakes (elliptic curve) have overtaken
older RSA connections.

So you should delete 

  DynamicDHGroups 1

from torrc and let it be disabled
by default.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays