mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-20 18:22:09 +01:00
Code Issues Projects Releases Wiki Activity

Update the protocol versions recommendations to remove LinkAuth=1

Browse Source 
LinkAuth method 1 is the one where we pull the TLS master secrets
out of the OpenSSL data structures and authenticate them with
RSA. Right now we list method 1 as required for clients and relays.
That's a problem, since we can't reasonably support it with NSS. So
let's remove it as a requirement and a recommendation.

As for method 3: I'd like to recommend it it, but that would make
0.2.9 start warning.  Let's not do that till at least some time
after 0.3.5 (the next LTS) is stable.

Closes ticket 27286
This commit is contained in:
Nick Mathewson 2018-08-23 11:24:39 -04:00
parent c1ad40627b
commit 14be9cba4e
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/27286 Normal file
View File

@ -0,0 +1,4 @@
o Minor features (directory authorities):
- Authorities no longer vote to make the subprotocol version "LinkAuth=1"
a requirement: it is unsupportable with NSS, and hasn't been needed
since Tor 0.3.0.1-alpha. Closes ticket 27286.

8
src/or/dirserv.c
View File

@ -3082,16 +3082,16 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
/* These are hardwired, to avoid disaster. */
v3_out->recommended_relay_protocols =
tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
"Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
"Link=4 Microdesc=1-2 Relay=2");
v3_out->recommended_client_protocols =
tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
"Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
"Link=4 Microdesc=1-2 Relay=2");
v3_out->required_client_protocols =
tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
"Link=4 LinkAuth=1 Microdesc=1-2 Relay=2");
"Link=4 Microdesc=1-2 Relay=2");
v3_out->required_relay_protocols =
tor_strdup("Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
"Link=3-4 LinkAuth=1 Microdesc=1 Relay=1-2");
"Link=3-4 Microdesc=1 Relay=1-2");
/* We are not allowed to vote to require anything we don't have. */
tor_assert(protover_all_supported(v3_out->required_relay_protocols, NULL));