[tor-commits] [tor/master] Change the default for DynamicDHGroups to 0

nickm at torproject.org nickm at torproject.org
Mon Jun 11 14:31:08 UTC 2012


commit 8a341cc429879e642862cb16a9de5da889867020
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Jun 6 12:00:04 2012 -0400

    Change the default for DynamicDHGroups to 0
    
    This feature can make Tor relays less identifiable by their use of the
    mod_ssl DH group, but at the cost of some usability (#4721) and bridge
    tracing (#6087) regressions.
    
    We should try to turn this on by default again if we find that the
    mod_ssl group is uncommon and/or we move to a different DH group size
    (see #6088).  Before we can do so, we need a fix for bugs #6087 and
    
    Resolves ticket #5598 for now.
---
 changes/bug5598 |    5 +++++
 doc/tor.1.txt   |    2 +-
 src/or/config.c |    2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/changes/bug5598 b/changes/bug5598
new file mode 100644
index 0000000..e8e6741
--- /dev/null
+++ b/changes/bug5598
@@ -0,0 +1,5 @@
+  o Changed defaults:
+    - Change the default value for DynamicDHGroups to 0. This feature can
+      make Tor relays less identifiable by their use of the mod_ssl DH
+      group, but at the cost of some usability (#4721) and bridge tracing
+      (#6087) regressions. Resolves ticket #5598.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 00371c3..f5e5b86 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -266,7 +266,7 @@ Other options can be specified either on the command-line (--option
     If this option is set to 1, when running as a server, generate our
     own Diffie-Hellman group instead of using the one from Apache's mod_ssl.
     This option may help circumvent censorship based on static
-    Diffie-Hellman parameters. (Default: 1).
+    Diffie-Hellman parameters. (Default: 0).
 
 **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
 
diff --git a/src/or/config.c b/src/or/config.c
index 090d96c..cf6ae84 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -257,7 +257,7 @@ static config_var_t _option_vars[] = {
   V(DisableAllSwap,              BOOL,     "0"),
   V(DisableDebuggerAttachment,   BOOL,     "1"),
   V(DisableIOCP,                 BOOL,     "1"),
-  V(DynamicDHGroups,             BOOL,     "1"),
+  V(DynamicDHGroups,             BOOL,     "0"),
   V(DNSPort,                     LINELIST, NULL),
   V(DNSListenAddress,            LINELIST, NULL),
   V(DownloadExtraInfo,           BOOL,     "0"),





More information about the tor-commits mailing list