[tor-relays] Outdated relay versions are they secure to use?

Matt Traudt pastly at torproject.org
Tue Apr 3 14:57:26 UTC 2018


On 4/3/18 10:49, Gary wrote:
> Hello.
> 
> Go to https://check.torproject.org > "...for more info about this
> relay...relay search" link
> 
> If I receive a message saying this relay uses an outdated version does
> that mean that my traffic is any less secure? 
> 
> Does Tor take potentially insecure relay versions into account when
> creating circuits?
> 
> Thanks 
> 

The full text of the warning is

> This relay is running a version of Tor that is not recommended. It is
> most likely too old and may be missing important security fixes. If this
> is the case, and this is your relay, you should update it as soon as
> possible. Development versions (versions that are too new) will also
> trigger this warning message (see bug #24256).

So it *might* make your traffic less secure, but in practice, I don't
think super serious bugs pop up that often.

For example, if TROVE-2018-002 as described here[0] is really only
capable of crashing a relay, then I wouldn't say your traffic is less
secure because you're using a relay on 0.3.2.9 instead of 0.3.2.10.

No, Tor does not take relays' versions into account when it builds circuits.

Matt

[0]:
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915

