[tor-relays] Tor 2.6.10 fails to generate fresh DH Keys

starlight.2015q2 at binnacle.cx
Sat Aug 1 17:06:55 UTC 2015


>Bug: Assertion r == 0 failed in crypto_generate_dynamic_dh_modulus at ../src/common/crypto.c:1788.
>

Looks like you have DynamicDHGroups enabled
in your torrc file.

This is interesting because the recent
LogJam research indicates the NSA
has probably broken commonly used 1024
bit DH groups, which suggests turning
on this parameter.

However it was disabled by default some
time ago for anti-fingerprinting reasons:

https://trac.torproject.org/projects/tor/ticket/5598

AND, it's probably a moot issue now that Ntor
handshakes (elliptic curve) have overtaken
older RSA connections.

So you should delete 

  DynamicDHGroups 1

from torrc and let it be disabled
by default.


