- tor-relays - lists.torproject.org

Relay operators meetup in France
by Jolie Fleure 04 Mar '26

04 Mar '26

Dear relay operators, Interhack, a network of french-speaking hackerspaces organises a gathering from 2 to 5 July, in Sévérac (Loire Atlantique) in France https://2026.camp.interhacker.space/ Tor-related discussions typically occur at Interhack/hackerspaces events. Following the call for more distributed relay operator meetups, we are thinking of taking the opportunity of this event to propose one there. That would be a rather small meeting, considering the limited size of the event itself and the quite remote location. Also we are very small scale relay operators (currently we operate one relay and a bunch of bridges). Nontheless, we would be very happy to meet other relay operators and push more tor discussions in our hackerspaces. What do you think of this? Is there a more official way of announcing a relay operator meetup than sending email on this list? Are there guidelines for how such meetings should/could be conducted?

2 1

Post-Quantum Cryptography in Tor's TLS Layer: Help needed!
by Alexander Hansen Færøy 02 Mar '26

02 Mar '26

Hello Tor Relay Operators, With the arrival of OpenSSL 3.5.0 in 2025, we finally had an important missing piece of infrastructure to start enabling the Tor network to support Post-Quantum Cryptography in the outermost cryptographic layer of the Tor protocol. Since Tor version 0.4.8.17, we have supported the x25519/ML-KEM-768 hybrid handshake in our TLS layer, and we have gradually seen more relays supporting it in the production network. Tor Browser has been built against OpenSSL >= 3.5.0 since (at least) version 13.5.22, released in September 2025, and therefore supports Post-Quantum TLS handshakes today, but it requires that its guard node supports it. We need to give a big shout-out to the OpenSSL Team here to get this out and available to the masses! <3 Since Q3 2025, I've been running some semi-regular scans of the Tor production network to check for TLS cipher suite availability. This work started as part of the first Tor Community Gathering back in October, 2025[1]. The results are as follows: In January, around 28% of the Tor relays supported the Post-Quantum TLS handshake. The scan I did yesterday showed an increase of around 4 percentage points to 32.32%. Out of 9476 scanned relays, 9185 were reachable, 291 were unreachable. Of the 9185 reachable relays, I saw the following distribution of cipher suites: `TLS13_AES_256_GCM_SHA384`: 9023 relays. `TLS13_CHACHA20_POLY1305_SHA256`: 158 relays. `TLS13_AES_128_GCM_SHA256`: 4 relays. For the key exchange groups, I saw the following distribution: `secp256r1`: 6212 relays. `X25519MLKEM768`: 2969 relays. `X25519`: 4 relays. Of the Directory Authorities, 5 of them supported the `X25519MLKEM768` key exchange group during the TLS handshakes. 2969 / 9185 * 100 = 32.32% of relays support the `X25519MLKEM768` cipher suite. This number is a good start, but we should ideally bump it up! You can see the individual results for your relay(s) in the big table available at https://ahf.me/tor-tls-pqc/2026-02-26/ -- entries without a cipher suite or key exchange group were unreachable at the time I ran the scan. These missing entries can be due to a network problem anywhere on the path between my host and yours, so don't get worried if your relay is missing :-) The scanner I used is free software and is available as part of the Network Health Team's Margot tool[2], used for various analysis purposes. Please note that the goal here isn't to enumerate all available cipher suites for each relay, but instead I'm interested in the "strongest" possible cipher suite my custom client can negotiate with each relay. My ask for you as the relay operator community here is as follows: Next time you folks are doing maintenance on your relay(s), please have a look at whether you can upgrade either your packages or underlying software distribution to a version such that you either get a new enough version of OpenSSL (>= 3.5.0), or if you are a LibreSSL user, check whether the LibreSSL project supports the ML-KEM hybrid handshake, and upgrade to that version. It looks like the LibreSSL project is currently working towards supporting the ML-KEM handshake in the next upcoming release[3]. For Debian users, to get a new enough OpenSSL version that supports the PQC TLS handshake, you need to upgrade to (at least) Debian Trixie. For everybody else, it's best to check your respective software distribution's package management system to find the version you need to upgrade to. For Arti users, a licensing issue with the currently available crypto providers in Arti prevented enabling the ML-KEM handshake. Nick, however, has recently been making progress on this matter and has a patch up that is now pending upstream review[4]! :-) If you are excited about exploring different aspects of the Tor ecosystem, talking with other Tor enthusiasts, and you have nothing planned for your weekend in two weeks, I highly encourage you to look into the next Tor Community Gathering in Denmark. The event takes place from 2026-03-13 to 2026-03-15. For more information, check out our website at https://onionize.space/2026/ Thank you all for all the work you do to make Tor better! <3 Cheers, Alex [1]: https://onionize.space/2025/ [2]: https://gitlab.torproject.org/tpo/network-health/margot/ [3]: https://github.com/libressl/portable/blob/a989b7acb9a475fde656e48dbcb38289d… [4]: https://github.com/RustCrypto/rustls-rustcrypto/pull/143 -- Alexander Hansen Færøy

3 3

Advisory: Unauthenticated remote trigger of Hetzner's "Netscan" detection
by invisibleprefixes＠mailbox.org 02 Mar '26

02 Mar '26

CVSS v4.0 Score: 6 / Medium CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Hetzner aims to detect portscans from within their network to targets outside their network, especially to destinations not visible via BGP. When their outbound scan detection triggers on a given customer IP address the customer gets an email: "Netscan detected from host ..." If the customer does not react in time, the customer's source IP is blocked from any further communication until the customer responds to the report. According to Hetzner the blocking is enforced after "manual verification" only. Vulnerability Description ========================= An unauthenticated remote attacker, who is able to trigger outbound packets from a given Hetzner customer source IP, can trigger the described portscan detection and block a Hetzner customer's Internet access if the customer does not respond to Hetzner in time. There are many services that allow the provocation of outbound packets by design, a few popular examples: * SMTP: various outbound checks performed for incoming emails (SPF, DKIM, DMARC, ...). The attacker can influence the target of outbound destinations by sending emails from domains under their control. * DNS: Recursive resolver are usually not directly exposed to the public but other servers (SMTP, Webserver, ...) might use resolvers located within the Hetzner network. * Web Applikations can have features that allow users to trigger outbound connections to arbitrary destinations. Examples: * Link previews generated server side (for example on a fediverse server) * Server-Side RSS Readers * Server-Side Request Forgery (SSRF) weaknesses * tor relays It is NOT possible to exploit this without a service on the target system by using source IP spoofing with source IPs from prefixes not announced via BGP. Impact An unauthenticated remote attacker can - in the worst-case - block a Hetzner customer's server Internet access and take all services offline (denial of service) until the block is removed. If a host has multiple source IP addresses only the actually used source IP address is blocked. The integrity and confidentiality of the system is NOT affected. Timeline ======== * 2026-01-04: Advisory is sent to security(a)hetzner.com - including the intended release date of the advisory (2026-02-05). * 2026-01-13: Asked Hetzner for an update via email * 2026-01-27: Sent Advisory to bsi.bund.de * 2026-01-28: Hetzner answered: According to Hetzner it is a customer responsibility to deal with this. * 2026-01-28: We asked Hetzner to clarify how their customers should mitigate this risk if it is their responsibility (no answer). * 2026-02-06: Reply from Hetzner stating that this can not be exploited via source IP spoofing - which we did not claim. * 2026-02-06: We offer a call to clarify the issue * 2026-02-06: Hetzner reply: they will get back to us on 2026-02-10 * 2026-02-06: Advisory publication is postponed due to ongoing emails. * 2026-02-10: Clarify that no source IP address spoofing is involved. * 2026-02-12: Asked Hetzner if they have any further questions and if they have any feedback on the advisory release date (no answer). * 2026-03-01: Advisory is released. Credits ======== We did not discover this and we do not take any credits for the discovery of this issue. This issue got discovered because the Netscan detection also got triggered during BGP outages where some IP prefixes were no longer visible via BGP. Some Hetzner customers were affected by these BGP outages causing Netscan detections.

1 0

No. of connections according to nyx
by tor＠busybear.se 01 Mar '26

01 Mar '26

Hello! I would like to know what is considered a normal amount of connections and what affects that? My exit 7BE9E2EF2BB41BB662D9A3CD68289B9E3DBF8A08 WYSWYG hovers around 4500 inbound, 4200 outbound and sometimes a few directory connections, according to nyx. Output in Mb varies, but increases with the normal lifespan of relays. Is this important, will this increase over time, thus generate more traffic, or does it matter? From what I remember, this have been roughly the same during the lifetime of this relay, no matter what connection speed (5Mb - 1Gb) or which machine I've been running. No restrictions in torrc, as far as I know; Nickname WYSWYG Contactinfo <tor AT busybear DOT se> ExitRelay 1 IPv6Exit 1 Log notice file /home/*/torlog SafeLogging 1 ProtocolWarnings 1 RunAsDaemon 1 ControlPort 9051 CookieAuthentication 1 CookieAuthFileGroupReadable 1 CookieAuthFile /home/*/Downloads/control_auth_cookie ConnDirectionStatistics 1 ExtraInfoStatistics 1 DirPort 65534 ORPort 65535 NumCPUs 6 Any comments or suggestions are welcome! Cheers! //Bamse

1 0

Hibernate vs 10 Mbps throttle when bandwidth cap exceeded
by forest-relay-contact＠cryptolab.net 01 Mar '26

01 Mar '26

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello. Many server providers have a monthly bandwidth limit. It's easy enough to deal with that by using the AccountingMax option so that Tor will hibernate when it reaches the bandwidth cap to avoid service suspension. I run a relay on a provider that, rather than suspending the service, simply throttles the bandwidth to 10 Mbps until the next month when the 8 TB/month traffic cap is reset. I run through that traffic in just half a month, so the relay is only operational 50% of the time. But 10 Mbps is not nothing. What should I do here? I can think of a few options: 1. Set AccountingMax and let the relay hibernate like normal, ensuring that, whenever it is on, it can achieve maximum performance. The "free" 10 Mbps bandwidth can then be used for other things, such as I2P which does not have a ramp-up period. 2. Keep the relay running, relaying up to 1.5 TB/month extra for free, but with the caveat that the relay suddenly becomes overloaded each time it reaches the 8 TB mark until the consensus weight falls. 3. Shortly before the bandwidth cap is exceeded, automatically adjust the torrc to include "MaxAdvertisedBandwidth 10 Mbits", and remove it when the bandwidth cap resets. What is a reasonable thing to do here? Regards, forest -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQQtr8ZXhq/o01Qf/pow+TRLM+X4xgUCaY/3wQAKCRAw+TRLM+X4 xtgQAQC2HWAGe7tcmuOGu2v/473IQC9lWHL03lUUpuJPSpGZpwD+LItXaqzV4vPy phr/rC4LNDZ1AY8m2ZuTzd4MwsVpsgI= =c+pq -----END PGP SIGNATURE-----

3 3

Hetzner abuse reports
by Christian Kujau 01 Mar '26

01 Mar '26

Greetings, I'm running a Tor relay (0.4.8.21 on FreeBSD) on a small VM hosted by Hetzner and received an abuse report from them. Although this kinda looks like the topic "Hetzner Netscan False Positives" that was discussed recently[0], I have not found out who initiated the report to Hetzner and I'm also puzzled by the distinct destination addresses. And I also thought it might be good to report this publicly that these reports are still an issue for relay operators. The report is bascially: ------------------- We have indications that an attack has been conducted from your server. Netscan detected from host <my-ip-address> TIME (UTC) SRC SRC-PORT -> DST DST-PORT SIZE PROT -------------------------------------------------------------------- 2026-02-28 11:14:23 xxx 48905 -> xxx.xx.116.12 443 74 TCP 2026-02-28 11:14:24 xxx 48905 -> xxx.xx.116.13 9004 74 TCP 2026-02-28 11:14:12 xxx 23292 -> xxx.xx.116.32 9002 74 TCP [...] ------------------- In the attached report I can find ~500 entries, spanning across 5 minutes, with my address as "source" and several desination addresses that can be grouped into three entities: * 5 entries for UDP traffic to the Xerox Corporation, at least according to whois. Weird, but then again: UDP, spoofable, and I did not consider these 5 entries relevant enough to investigate further. * 5 entries for UDP traffic to 198.18.0.1 -- which is a bogon address, used for RFC 2544 and should not be routed anyway. Weird, that this would show up in their abuse report. * The remaining entries point to network addresses in a /24 network. whois points to a RIPE assignment, and querying RIPE directly for these addresses, they are all marked as "TOR EXIT". So, clearly these addresses are part of the Tor network and I fail to understand who contacted Hetzner, complaining that my relay node contacted...other Tor nodes? Or is it a bad actor, disguising as a "TOR EXIT" and then sending abuse reports to the hosting companies? Does anyone have an idea what to make of this report? Thanks, Christian. [0] https://lists.torproject.org/mailman3/hyperkitty/list/tor-relays@lists.torp… -- BOFH excuse #217: The MGs ran out of gas.

1 0

big german provider "Deutsche Telekom" has started blocking access to their SIP servers
by iji＠gmx.net 28 Feb '26

28 Feb '26

Hi a big German provider "Deutsche Telekom" has started blocking access (at TCP layer) to their SIP servers in February 2026. That means running a middle tor on this provider line results in a non-functional provider SIP service. You have to choose between running a middle tor or a working provider SIP service.

9 19

Happy Families migration status dashboard
by Tor at 1AEO 24 Feb '26

24 Feb '26

To help answer “what still needs to happen before the network can rely on Happy Families (and eventually stop depending on MyFamily)?”, we put together a small public dashboard that tracks the main rollout gates: https://metrics.1aeo.com/network-health.html#happy-families High-level flow: 1) Voting directory authorities upgrade (v0.4.9.x+) DAs need to be on v0.4.9.x+ so the network can move forward with the newer directory protocol pieces. 2) Consensus method moves to 35 Once a >2/3 voting DA majority supports method 35 (7/9), the consensus can adopt it. 3) Relays publish Happy Families material Relay families configure FamilyId so relays publish family-cert, which lets directory documents/micro descriptors carry the happy families identifier information. 4) Clients upgrade and use it As Tor clients (Tor Browser, tor, etc.) widely consume happy families identifiers, then deprecating MyFamily becomes possible. The dashboard shows live counts for DA readiness (v0.4.9.x+ and method-35 support), current consensus method, relay publication (family-cert), and a few “how much of the network is ready” slices (guards/exits/CW/bandwidth). References: - Relay operator guide (FamilyId / Happy Families setup): https://community.torproject.org/relay/setup/post-install/family-ids/ - Proposal 321: https://spec.torproject.org/proposals/321-happy-families.html Feedback welcome—especially if there are other readiness signals you’d like to track, or if you spot anything that looks off for your relays. On Tuesday, February 3rd, 2026 at 5:00 AM, Alexander Hansen Færøy via tor-relays <tor-relays(a)lists.torproject.org> wrote: > On 02/02/2026 22.36, tor_appliedprivacy.net via tor-relays wrote: > > Today we enabled the happy family setup across all our relays. > > > > Since all our relays run in a single /24 we also removed MyFamily at the > > same time. This should help reduce the overhead introduced by MyFamily. > > This is not what any of us on the Network Team are recommending right now, but > if others think this is a good idea despite that: please ensure that your IPv6 > addresses, at the very least, are also within the same /32 in addition to the > /16 requirement for IPv4. I am almost certain that is always the case, but > please just be sure before you proceed. > > We are very interested in hearing feedback on the 0.4.9.4-rc release candidate > and in resolving any issues before we stabilize 0.4.9. Maybe the above approach > will reveal some issues :-) > > Cheers, > Alex > > -- > Alexander Hansen Færøy > _______________________________________________ > tor-relays mailing list -- tor-relays(a)lists.torproject.org > To unsubscribe send an email to tor-relays-leave(a)lists.torproject.org >

1 0

Question about Tor relay guard/middle probability fluctuations
by Tor-relay 23 Feb '26

23 Feb '26

Hi everyone, I have a question regarding my Tor relay’s lifecycle. Since the beginning, I have noticed that the guard and middle probabilities fluctuate significantly. I have not observed this behavior when comparing with other operators’ relays. After some time, the relay receives the Guard flag and the middle probability decreases, later it loses the Guard flag and the middle probability increases again. I waited for a long time to see whether this would stabilize, but the behavior has remained unchanged. I would like to ask what the possible reasons for this could be, and whether it might be related to my configuration. Relay fingerprint: 8E6E3B11C9AD2E9E3B3FC53A4E43D1AE3BEBE444 Tor metrics link: https://metrics.torproject.org/rs.html#details/8E6E3B11C9AD2E9E3B3FC53A4E43… Thank you in advance. P.S. If you check the relay statistics, please ignore the low consensus weight and probabilities during the last month, that was caused by my own mistake.

3 3

the case for relay state persistency
by Gilberto 23 Feb '26

23 Feb '26

Hello everyone, In our diskless infrastructure [0][1], we store all configurations generated by the node inside the TPM's memory. These memories are very limited (1-9k), but more than sufficient for saving the long-term keys of the relays. However, we have a problem: when rebooting the machines, we lose the state file and, with it, the bandwidth measurements of the various relays. This is quite annoying because upon reboot, our relays all start up announcing 0 B/s, and it takes them days to regain their bandwidth. Unfortunately, these files are too large to be stored in the TPM. We would like to be able to generate the BWHistory configurations based on some arbitrary values that we write into the node configurations, and then let the node handle redoing the measurements upon reboot. However, among all the configurations, it's not clear to us which ones are important for our needs and which others we can leave empty. In general, we would like to open a discussion, in view of Arti, about the organization of the datadir. Currently, it's not very clear which files are important for runtime, which are for persistence, etc. From our point of view, it would be quite useful to be able to group persistent data into just a few files, for example, one for all keys and one for states/configurations. Thank you, g [0]: https://osservatorionessuno.org/blog/2025/05/patela-a-basement-full-of-amne… [1]: https://osservatorionessuno.org/blog/2025/12/patela-v2-from-certificates-to…

4 4