Hi, all! I just sent a release announcement to the tor-announce mailing list. If you're not on that mailing list, you should subscribe; it is very low-volume. https://lists.torproject.org/pipermail/tor-announce/2014-October/000096.html Synopsis: There is a new stable out. Some packages are up-to-date, more packages should be up-to-date over the next week. Usually I don't announce a stable till there are packages, but people have been asking me about this one, and I'd rather have an official release announcement than a series of weird rumors. yrs, -- Nick
On Sat, 25 Oct 2014 13:21:01 -0400 Nick Mathewson <nickm@freehaven.net> wrote:
Synopsis: There is a new stable out. Some packages are up-to-date, more packages should be up-to-date over the next week. Usually I don't announce a stable till there are packages, but people have been asking me about this one, and I'd rather have an official release announcement than a series of weird rumors.
Greetings, I first updated from 0.2.4.24 to 0.2.5.9rc and then to 0.2.5.10 as the packages hit the repositories. In both cases my notice log is now showing 0 NTor handshakes: Tor 0.2.5.9-rc (git-067214faa586161d) opening new log file. ... Circuit handshake stats since last time: 427379/427386 TAP, 0/0 NTor. Circuit handshake stats since last time: 349975/349975 TAP, 0/0 NTor. ... Tor 0.2.5.10 (git-8515d47dcb46b53d) opening new log file. ... Circuit handshake stats since last time: 298286/298286 TAP, 0/0 NTor. Circuit handshake stats since last time: 237567/237567 TAP, 0/0 NTor. ... Is this expected behaviour? br
On Sun, Oct 26, 2014 at 12:49:10AM +0200, goll@kset.org wrote:
I first updated from 0.2.4.24 to 0.2.5.9rc and then to 0.2.5.10 as the packages hit the repositories.
In both cases my notice log is now showing 0 NTor handshakes:
Tor 0.2.5.9-rc (git-067214faa586161d) opening new log file. ... Circuit handshake stats since last time: 427379/427386 TAP, 0/0 NTor. Circuit handshake stats since last time: 349975/349975 TAP, 0/0 NTor. ...
Tor 0.2.5.10 (git-8515d47dcb46b53d) opening new log file. ... Circuit handshake stats since last time: 298286/298286 TAP, 0/0 NTor. Circuit handshake stats since last time: 237567/237567 TAP, 0/0 NTor.
Is this expected behaviour?
No, this is unusual. Which relay are you? Which package exactly? I'm guessing you're using the deb? Which OS? What CPU architecture? The next question would be whether you somehow disabled your curve25519 support -- but I don't know how to easily check that with the deb. --Roger
Which package exactly? I'm guessing you're using the deb? Which OS? What CPU architecture?
No, using the rpm, CentOS 6, x86_64.
The next question would be whether you somehow disabled your curve25519 support -- but I don't know how to easily check that with the deb.
Found this link. could it be distribution related? http://www.denniswinter.de/compiling-tor-crashes-on-centos-at-curve25519-don... And also, I'm running my system in FIPS mode, but that shouldn't impact curve25519, it's mainly to disable insecure algorithms like md5. br
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/26/2014 9:06 AM, goll wrote:
Which package exactly? I'm guessing you're using the deb? Which OS? What CPU architecture?
No, using the rpm, CentOS 6, x86_64.
The next question would be whether you somehow disabled your curve25519 support -- but I don't know how to easily check that with the deb.
Found this link. could it be distribution related? http://www.denniswinter.de/compiling-tor-crashes-on-centos-at-curve25519-don...
And also, I'm running my system in FIPS mode, but that shouldn't impact curve25519, it's mainly to disable insecure algorithms like md5.
br
Please note that CentOS is using the OpenSSL custom version from their upstream distro which is Red Hat Enterprise. Red Hat strips some things from the ordinary OpenSSL package we use in Debian, including some curves. I don't know about curve25519 especially, since I am on Debian and FreeBSD mostly, but I know for sure that CentOS lacks some EC curves. I have tried to configure a bitcoin wallet on CentOS 7 few months ago and I couldn't install it as it comes 'out of the box' because it was missing the curve bitcoin requires to perform ECDSA. Does this help? https://trac.torproject.org/projects/tor/ticket/9699 There has to be someone else running a Tor relay on CentOS here, maybe we can hear from them how their relays are performing.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUTNFnAAoJEIN/pSyBJlsRwrAH/1SpWw+Rre0pkBvrvBVkomhS owGGxk3k+vJPUJ5RGMRHak1epXlT2J/zjkf17S5V3nmLejNPV2Clj1BsyO5ULPm2 mGrQHdnuwgvhOw1xPFR7DvlsVZ1JUZrd2MGMSoohKhmi90RwlnTOJYTuvppJbjnj 0xelzsSuejElZhTyB3/3L6rhCEpWjhSXb4E5OvtwMREVJSsA3FNBem842T8kMvE6 n0q5Pay8+5dLVR3/fN7P9sQfMnVlIeNuLldhq9v09qwxYsjvjNlB1zViVXrRXaNG z9EkHyH6UzveKr5syjsAm6a2WwtZ2IHoLp6tkwxehqUVhC6SsCpkzN56GT/W+G0= =BALY -----END PGP SIGNATURE-----
On Sun, Oct 26, 2014, at 06:48 AM, s7r wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/26/2014 9:06 AM, goll wrote:
Which package exactly? I'm guessing you're using the deb? Which OS? What CPU architecture?
No, using the rpm, CentOS 6, x86_64.
The next question would be whether you somehow disabled your curve25519 support -- but I don't know how to easily check that with the deb.
Found this link. could it be distribution related? http://www.denniswinter.de/compiling-tor-crashes-on-centos-at-curve25519-don...
And also, I'm running my system in FIPS mode, but that shouldn't impact curve25519, it's mainly to disable insecure algorithms like md5.
br
Please note that CentOS is using the OpenSSL custom version from their upstream distro which is Red Hat Enterprise. Red Hat strips some things from the ordinary OpenSSL package we use in Debian, including some curves. I don't know about curve25519 especially, since I am on Debian and FreeBSD mostly, but I know for sure that CentOS lacks some EC curves. I have tried to configure a bitcoin wallet on CentOS 7 few months ago and I couldn't install it as it comes 'out of the box' because it was missing the curve bitcoin requires to perform ECDSA.
Does this help? https://trac.torproject.org/projects/tor/ticket/9699
There has to be someone else running a Tor relay on CentOS here, maybe we can hear from them how their relays are performing. [...]
Hi, I'm also running a relay on CentOS 6.5 on x86_64, with tor installed from the rpm. My logs also show 0 NTor handshakes since I upgraded to 0.2.5.9-rc (and later to 0.2.5.10). I just tried compiling 0.2.5.10 (giving configure --enable_curve25519), and it compiled successfully, and 'make test' showed it passing a series of curve25519 tests. I'll probably try running the version I compiled and check the NTor counts on that one. Cheers, -- Michael
It would be nice if Tor had an option to display the flags it was compiled with. -Pascal On 10/26/2014 1:48 PM, Toralf Förster wrote:
On 10/26/2014 07:21 PM, Michael Kelly wrote:
0.2.5.9-rc (and later to 0.2.5.10). Because there's no code change (except the version string itself) between both version, the culprit must be located in the packaging method itself IMO.
On Sun, Oct 26, 2014, at 02:48 PM, Toralf Förster wrote:
On 10/26/2014 07:21 PM, Michael Kelly wrote:
0.2.5.9-rc (and later to 0.2.5.10). Because there's no code change (except the version string itself) between both version, the culprit must be located in the packaging method itself IMO.
What I meant to say was that the NTor handshake counter was 0 for me on both those versions. NTor handshake counter was nonzero only on the previous version, 0.2.4.24. -- Michael
On Sun, Oct 26, 2014, at 02:21 PM, Michael Kelly wrote: [...]
Hi,
I'm also running a relay on CentOS 6.5 on x86_64, with tor installed from the rpm. My logs also show 0 NTor handshakes since I upgraded to 0.2.5.9-rc (and later to 0.2.5.10).
I just tried compiling 0.2.5.10 (giving configure --enable_curve25519), and it compiled successfully, and 'make test' showed it passing a series of curve25519 tests. I'll probably try running the version I compiled and check the NTor counts on that one.
NTor handshake counter is again nonzero on the version of Tor I compiled myself, which identifies itself simply as "Tor 0.2.5.10" in the log. (I got the source from <https://www.torproject.org/dist/tor-0.2.5.10.tar.gz>.) This was with: CentOS 6.5 x86_64 OpenSSL 1.0.1e-fips 11 Feb 2013 (from CentOS package) gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-4) I did nothing special to compile it -- just "configure --enable_curve25519" (apparently --enable_curve25519 is the default anyway), "make", "make install". -- Michael
participants (8)
-
goll -
goll@kset.org
-
Michael Kelly -
Nick Mathewson -
Pascal -
Roger Dingledine -
s7r -
Toralf Förster