Bug: Assertion r == 0 failed in crypto_generate_dynamic_dh_modulus at ../src/common/crypto.c:1788.
Looks like you have DynamicDHGroups enabled in your torrc file.
This is interesting because the recent LogJam research indicates the NSA has probably broken commonly used 1024 bit DH groups, which suggests turning on this parameter.
However it was disabled by default some time ago for anti-fingerprinting reasons:
https://trac.torproject.org/projects/tor/ticket/5598
AND, it's probably a moot issue now that Ntor handshakes (elliptic curve) have overtaken older RSA connections.
So you should delete
DynamicDHGroups 1
from torrc and let it be disabled by default.
On Sat, 01 Aug 2015 13:06:55 -0400 starlight.2015q2@binnacle.cx wrote:
> Bug: Assertion r == 0 failed in crypto_generate_dynamic_dh_modulus at ../src/common/crypto.c:1788.
> Looks like you have DynamicDHGroups enabled in your torrc file.
Yes. Don't use it. It's kind of pointless since it only affects TLS cyphersuites that shouldn't get negotiated in the first place.
> This is interesting because the recent LogJam research indicates the NSA has probably broken commonly used 1024 bit DH groups, which suggests turning on this parameter.
Sigh. There's no point because any sensible build of Tor will negotiate ECDHE over DHE when doing the TLS handshake (which is the only thing this option applies to).
Note: "any sensible build" basically is anything moderately recent, linked against OpenSSL >= 1.0.0 (If your vendor OpenSSL is older than that, 0.2.7.2-alpha and later will refuse to build, so users may as well start thinking of a migration path.).
> However it was disabled by default some time ago for anti-fingerprinting reasons:
The feature is flat out deprecated in 0.2.7.1-alpha and later, in the "The code that implemented it was removed" sense of "deprecated".
https://trac.torproject.org/projects/tor/ticket/13736
> AND, it's probably a moot issue now that Ntor handshakes (elliptic curve) have overtaken older RSA connections.
This has nothing to do with TAP vs ntor, and only affects TLS.
Apologies for my fuzziness regarding the handshake type vs connection TLS level as independent and other detail.
But I did have an approximation of the correct idea... made the right recommendation.
On 01.08.2015 19:06, starlight.2015q2@binnacle.cx wrote:
> Bug: Assertion r == 0 failed in crypto_generate_dynamic_dh_modulus at ../src/common/crypto.c:1788.
> Looks like you have DynamicDHGroups enabled in your torrc file.
Correct, it's set.
> However it was disabled by default some time ago for anti-fingerprinting reasons:
I also found this one here: https://trac.torproject.org/projects/tor/ticket/13736
I think I have missed this one. I can remember that I have activated DDHG some time ago.
> So you should delete
> DynamicDHGroups 1
> from torrc and let it be disabled by default.
It's disabled now, startup is running fine. Thanks for your help!
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays