[tor-dev] Is it time to drop support for the v1/v2 protos?

David Fifield david at bamsoftware.com
Mon Jan 12 17:20:14 UTC 2015


On Mon, Jan 12, 2015 at 04:25:56PM +0100, Philipp Winter wrote:
> On Sat, Dec 27, 2014 at 03:38:28PM +0100, Tom van der Woerdt wrote:
> > After reading the Tor spec [1] I did some digging and realized that
> > the old handshakes and link protocols (v1 (certs up-front) and v2
> > (renegotiation)) are not used anymore as of 0.2.3.6-alpha which
> > introduced link proto v3.
> > 
> > Supporting v1 and v2 requires (among other things) supporting SSLv3
> > which (imho) should be deprecated everywhere.
> 
> I was curious about how many relays and clients still want to speak
> version 1 and 2.  I patched one of my guard relays to keep statistics
> about the content of VERSIONS cells.  Here's the result after almost
> three days.  The numbers include relays as well as clients.
> 
>   Versions |  Amount total | Amount w/o duplicate hosts
>   ---------+---------------+---------------------------
>    1 and 2 |  34,648  (9%) | 21,552 (23%)
>          3 |  73,202 (18%) | 54,307 (59%)
>    3 and 4 | 291,807 (73%) | 16,235 (18%)
>          4 |       3  (0%) |      2  (0%)

Does "1 and 2" contradict section 4.1 of tor-spec.txt?

	Since the version 1 link protocol does not use the
	"renegotiation" handshake, implementations MUST NOT list version
	1 in their VERSIONS cell.

Is it a bug that tor is including 1 in its VERSIONS cell?

I found this nice log message in the source code:
  } else if (highest_supported_version == 1) {
    /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
     * cells. */
    log_fn(LOG_PROTOCOL_WARN, LD_OR,
           "Used version negotiation protocol to negotiate a v1 connection. "
           "That's crazily non-compliant. Closing connection.");
    connection_or_close_for_error(chan->conn, 0);
    return;
  }

David Fifield
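
An added example, not part of the original message and not Tor's own code: a stand-alone C check that reports whether a VERSIONS payload lists version 1 (which the quoted rule forbids) and what the highest shared version would be. It assumes the payload is a sequence of 16-bit big-endian version numbers; `versions_report_t`, `in_set`, `inspect_versions_payload` and the local supported set are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Findings for one VERSIONS cell payload (hypothetical type, not Tor's). */
typedef struct {
  int malformed;           /* odd length: a trailing half entry */
  int lists_v1;            /* version 1 listed, which the quoted rule forbids */
  uint16_t highest_shared; /* highest version in both sets, 0 if none */
} versions_report_t;

static int in_set(uint16_t v, const uint16_t *set, size_t n) {
  for (size_t i = 0; i < n; i++)
    if (set[i] == v) return 1;
  return 0;
}

/* Assumption: payload is a sequence of 16-bit big-endian version numbers. */
versions_report_t inspect_versions_payload(const uint8_t *p, size_t len,
                                           const uint16_t *ours, size_t n_ours) {
  versions_report_t r = {0, 0, 0};
  if (len % 2 != 0) { r.malformed = 1; return r; }
  for (size_t i = 0; i < len; i += 2) {
    uint16_t v = (uint16_t)((p[i] << 8) | p[i + 1]);
    if (v == 1) r.lists_v1 = 1;
    if (v > r.highest_shared && in_set(v, ours, n_ours)) r.highest_shared = v;
  }
  return r;
}

int main(void) {
  /* Constructed inputs: a local supported set and a "1 and 2" payload. */
  static const uint16_t ours[] = {1, 2, 3, 4};
  static const uint8_t sample[] = {0x00, 0x01, 0x00, 0x02};
  versions_report_t r = inspect_versions_payload(sample, sizeof sample, ours, 4);
  printf("malformed=%d lists_v1=%d highest_shared=%u\n",
         r.malformed, r.lists_v1, (unsigned)r.highest_shared);
  /* highest_shared == 1 is the case the quoted log message closes on. */
  return 0;
}
```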

