r14379@tombo: nickm | 2008-02-21 17:14:24 -0500

Enable v2 handshakes. svn:r13666
2008-02-21 22:14:32 +00:00 · 2008-02-21 22:14:32 +00:00 · b21a122ef6
parent 69300eb606
commit b21a122ef6
3 changed files with 12 additions and 7 deletions
--- a/8
+++ b/8
@ -5,6 +5,14 @@ Changes in version 0.2.0.20-?? - 2008-02-??
      for bridge users. Also do this for people who set StrictEntryNodes.
    - When a TrackHostExits-chosen exit fails too many times in a row,
      stop using it.  Bugfix on 0.1.2.x.  Fixes bug 437.
+    - Enable the revised TLS handshake based on the one designed by
+      Steven Murdoch in proposal 124, as revised in proposal 130.  It
+      includes version negotiation for OR connections as described in
+      proposal 105.  The new handshake is meant to be harder for
+      censors to fingerprint, and it adds the ability to detect
+      certain kinds of man-in-the-middle traffic analysis attacks.
+      The version negotiation feature will allow us to improve Tor's
+      link protocol more safely in the future.

  o Major bugfixes:
    - Resolved problems with (re-)fetching hidden service descriptors.
--- a/doc/spec/proposals/130-v2-conn-protocol.txt
+++ b/doc/spec/proposals/130-v2-conn-protocol.txt
@ -17,7 +17,6 @@ Overview:
       Proposal 124: Blocking resistant TLS certificate usage
    It refers to aspects of:
       Proposal 105: Version negotiation for the Tor protocol
-       Proposal 110: Avoid infinite length circuits


  In summary, The Tor connection protocol has been in need of a redesign
@ -183,8 +182,4 @@ Proposal:
   as in proposal 105, and communications begin as per tor-spec.txt.
   Until NETINFO cells have been exchanged, the connection is not open.

-   RELAY_EARLY cells are accepted as in proposal 110, and treated as
-   RELAY cells except that they are relayed as RELAY_EARLY if the next
-   host in the circuit has negotiated v2 or later; otherwise, not.
-   Command value 9 is used for RELAY_EARLY.

--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -42,8 +42,10 @@ const char tortls_c_id[] =
 #include "ht.h"
 #include <string.h>

-// #define V2_HANDSHAKE_SERVER
-// #define V2_HANDSHAKE_CLIENT
+/* Enable the "v2" TLS handshake.
+ */
+#define V2_HANDSHAKE_SERVER
+#define V2_HANDSHAKE_CLIENT

 /* Copied from or.h */
 #define LEGAL_NICKNAME_CHARACTERS \