[tor-dev] Is it time to drop support for the v1/v2 protos?

Tom van der Woerdt info at tvdw.eu
Sat Dec 27 14:38:28 UTC 2014


Hi all,

After reading the Tor spec [1] I did some digging and realized that the 
old handshakes and link protocols (v1 (certs up-front) and v2 
(renegotiation)) are not used anymore as of 0.2.3.6-alpha which 
introduced link proto v3.

Supporting v1 and v2 requires (among other things) supporting SSLv3 
which (imho) should be deprecated everywhere.

This makes me wonder why Tor still supports these: is it for 
compatibility with even older versions (consensus health says no) or are 
there other reasons? If someone were to invest a couple of hours and 
remove all support for them from the Tor code and the Tor spec, would 
this hurt the network or would it be a welcome patch?

Tom


[1] https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3729 bytes
Desc: S/MIME-cryptografische ondertekening
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20141227/1080b411/attachment.bin>


More information about the tor-dev mailing list