On Mon, Jan 12, 2015 at 04:25:56PM +0100, Philipp Winter wrote:
On Sat, Dec 27, 2014 at 03:38:28PM +0100, Tom van der Woerdt wrote:
After reading the Tor spec [1] I did some digging and realized that the old handshakes and link protocols (v1 (certs up-front) and v2 (renegotiation)) are not used anymore as of 0.2.3.6-alpha which introduced link proto v3.
Supporting v1 and v2 requires (among other things) supporting SSLv3 which (imho) should be deprecated everywhere.
I was curious about how many relays and clients still want to speak version 1 and 2. I patched one of my guard relays to keep statistics about the content of VERSIONS cells. Here's the result after almost three days. The numbers include relays as well as clients.
Versions | Amount total  | Amount w/o duplicate hosts
---------+---------------+---------------------------
1 and 2  |  34,648  (9%) | 21,552 (23%)
3        |  73,202 (18%) | 54,307 (59%)
3 and 4  | 291,807 (73%) | 16,235 (18%)
4        |       3  (0%) |      2  (0%)
Does "1 and 2" contradict section 4.1 or tor-spec.txt?
Since the version 1 link protocol does not use the "renegotiation" handshake, implementations MUST NOT list version 1 in their VERSIONS cell.
Is it a bug that tor is including 1 in its VERSIONS cell?
I found this nice log message in the source code:

    } else if (highest_supported_version == 1) {
      /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
       * cells. */
      log_fn(LOG_PROTOCOL_WARN, LD_OR,
             "Used version negotiation protocol to negotiate a v1 connection. "
             "That's crazily non-compliant. Closing connection.");
      connection_or_close_for_error(chan->conn, 0);
      return;
    }
David Fifield
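
The check discussed in this thread, as an added example that is not part of the original message and is not Tor's own code: a parser for a VERSIONS cell that reports whether the peer listed version 1 and which mutually supported version is highest. It assumes the pre-negotiation layout from tor-spec (2-byte CircID, command 7, 2-byte length, payload of big-endian 16-bit versions); the function name and the sample cells are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CELL_VERSIONS 7          /* variable-length cell command in tor-spec */

enum versions_verdict {
    V_MALFORMED = -1,            /* short, wrong command, or bad length field */
    V_OK = 0,                    /* version 1 not listed */
    V_LISTS_V1 = 1               /* version 1 listed; the quoted spec text forbids it */
};

/* Hypothetical helper: parse CircID(2) | Command(1) | Length(2) | versions.
 * Sets *highest to the highest listed version that also appears in ours[]
 * (0 if there is no common version). */
static int check_versions_cell(const uint8_t *cell, size_t len,
                               const uint16_t *ours, size_t n_ours,
                               uint16_t *highest)
{
    *highest = 0;
    if (len < 5 || cell[2] != CELL_VERSIONS)
        return V_MALFORMED;
    size_t plen = ((size_t)cell[3] << 8) | cell[4];
    if (plen % 2 != 0 || plen > len - 5)   /* never read past the buffer */
        return V_MALFORMED;

    int verdict = V_OK;
    for (size_t i = 0; i < plen; i += 2) {
        uint16_t v = (uint16_t)((cell[5 + i] << 8) | cell[6 + i]);
        if (v == 1)
            verdict = V_LISTS_V1;
        for (size_t j = 0; j < n_ours; j++)
            if (ours[j] == v && v > *highest)
                *highest = v;
    }
    return verdict;
}

/* Constructed sample cells, not captured traffic. */
const uint8_t CELL_3_4[]   = {0, 0, 7, 0, 4, 0, 3, 0, 4};  /* lists 3 and 4 */
const uint8_t CELL_1_2[]   = {0, 0, 7, 0, 4, 0, 1, 0, 2};  /* lists 1 and 2 */
const uint8_t CELL_TRUNC[] = {0, 0, 7, 0, 6, 0, 3, 0, 4};  /* length says 6, has 4 */

int main(void) {
    const uint16_t ours[] = {3, 4};
    uint16_t h;
    int r = check_versions_cell(CELL_1_2, sizeof CELL_1_2, ours, 2, &h);
    printf("verdict=%d highest_common=%u\n", r, (unsigned)h);
    return 0;
}
```

A relay that supports only versions 3 and 4 finds no common version with a peer listing "1 and 2", so the per-cell verdict is what distinguishes that peer from one that sent a malformed cell.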