[tor-dev] Is it time to drop support for the v1/v2 protos?
Tom van der Woerdt
info at tvdw.eu
Mon Dec 29 20:33:17 UTC 2014
Nick Mathewson schreef op 29/12/14 om 00:50:
> On Sat, Dec 27, 2014 at 9:38 AM, Tom van der Woerdt <info at tvdw.eu> wrote:
>> Hi all,
>> After reading the Tor spec  I did some digging and realized that the old
>> handshakes and link protocols (v1 (certs up-front) and v2 (renegotiation))
>> are not used anymore as of 0.2.3.6-alpha which introduced link proto v3.
>> Supporting v1 and v2 requires (among other things) supporting SSLv3 which
>> (imho) should be deprecated everywhere.
>> This makes me wonder why Tor still supports these: is it for compatibility
>> with even older versions (consensus health says no) or are there other
>> reasons? If someone were to invest a couple of hours and remove all support
>> for them from the Tor code and the Tor spec, would this hurt the network or
>> would it be a welcome patch?
> There are already a couple of tickets for removing these, and I would
> like to see them go. The master ticket is
> (The fact that this ticket is in the 0.2.6 milestone does *not* mean
> it will automatically get finished in 0.2.6! If somebody writes good
> patches, then the odds would go up a lot.)
> One thing that we would need to think about here is the behavior of
> any zombie 0.2.2 clients and servers that are still lying around. If
> they just stop connecting to Tor, great. But if they do something
> obnoxious like fail to connect and then retry repeatedly, we would
> need to design our code here so as not to inadvertently turn all these
> non-functional clients and servers into a DDoS botnet against Tor. :)
> In any case, removing client-side support for these protocol versions
> is a definite "yes, let's do that". Removing server-side support
> would need a little safety testing, but I'd take a patch for that too.
I spent some time writing a patch that removes v1 of the link protocol
from both the server and client, and so far it seems to work nicely: the
code compiles nicely, all test cases pass, and the resulting binary has
relayed a few gigabytes of data without any problems.
As I didn't really have a place to put the branch, I uploaded it to
It's a rather large patch, though not as large as the patch that will
remove v2 of the protocol. However, before I write that one, can someone
please check whether my patch is sane and I'm not violating any
standards or policies?
More information about the tor-dev