[tor-relays] Tor 2.6.10 fails to generate fresh DH Keys

starlight.2015q2 at binnacle.cx starlight.2015q2 at binnacle.cx
Sat Aug 1 17:06:55 UTC 2015

>Bug: Assertion r == 0 failed in crypto_generate_dynamic_dh_modulus at ../src/common/crypto.c:1788.

Looks like you have DynamicDHGroups enabled
in your torrc file.

This is interesting because the recent
LogJam research indicates the NSA
has probably broken commonly used 1024
bit DH groups, which suggests turning
on this parameter.

However it was disabled by default some
time ago for anti-fingerprinting reasons:


AND, it's probably a moot issue now that Ntor
handshakes (elliptic curve) have overtaken
older RSA connections.

So you should delete 

  DynamicDHGroups 1

from torrc and let it be disabled
by default.

More information about the tor-relays mailing list