On 17 Dec. 2016, at 06:19, Ivan Markin <twim@riseup.net> wrote:

o TLS connection is not going to terminate if no circuits left on it*

[*] I may be wrong about it. It holds true from my experience.

It takes about a week for a TLS connection to close if there is traffic on it, or a few minutes if there is no traffic: Relays close circuits with no streams and no traffic on then after a minute in circuit_expire_old_circuits_serverside. Old TLS connections in tor are marked not to be used for new circuits after 7 days in connection_or_group_set_badness_. Most client circuits last a maximum of 10 minutes (longer if they are being used, or for hidden service introduction point circuits, which last up to 24 hours) in circuit_expire_old_circs_as_needed. (As an aside, TLS certificates are rotated every 2 hours in rotate_x509_certificate_callback.) T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------

On 19 Dec. 2016, at 17:03, Ivan Markin <twim@riseup.net> wrote:

teor:

...

It takes about a week for a TLS connection to close if there is traffic on it, or a few minutes if there is no traffic: ... Old TLS connections in tor are marked not to be used for new circuits after 7 days in connection_or_group_set_badness_.

Thanks for the clarification! Though I can't see how do these two intersect. What is a path for TLS to close in "a few minutes if there is no traffic"? If there is no traffic (no circuits) on top of a TLS connection it still can be used in next 7 days, right?

I'm pretty sure tor will close the connection, then reopen it when it is needed by another circuit. T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------