SOCKS 4a or SOCKS 5 when using Polipo?
Robert Ransom
rransom.8774 at gmail.com
Sun Nov 21 13:03:08 UTC 2010
On Sun, 21 Nov 2010 11:48:59 +0000
Matthew <pumpkin at cotse.net> wrote:
> Hello,
>
> According to the Tor manual
> (https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#IkeepseeingthesewarningsaboutSOCKSandDNSandinformationleaks.ShouldIworry)
> one should use SOCKS 4a.
>
> AIUI, Polipo or Privoxy are used as HTTP proxies which then allow the
> client (Firefox) to "speak" to Tor as SOCKS 4a (therefore providing
> hostnames rather than already resolved IP addresses as with SOCKS 4 or 5).
That was the original reason to use an HTTP proxy between Firefox and
Tor. Firefox can now be configured to resolve hostnames using the
SOCKS proxy -- set the ‘network.proxy.socks_remote_dns’ option in
about:config to ‘true’, or use Torbutton, which automatically sets that
option.
The current reason to use an HTTP proxy between Firefox and Tor is that
Firefox has an inappropriately short, hard-coded timeout for
connections through SOCKS proxies. See
<https://bugzilla.mozilla.org/show_bug.cgi?id=280661>.
> I therefore do not understand why in the Tor version of the Polipo
> configuration file
> (https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf)
> it says:
>
> # Uncomment this if you want to use a parent SOCKS proxy:
>
> socksParentProxy = "localhost:9050"
> socksProxyType = socks5
Like the SOCKS 4A protocol, the SOCKS 5 protocol allows clients to
specify a hostname instead of an IP address, and Polipo does so. Other
clients, including Firefox with the (well-hidden) socks_remote_dns
option turned off, may not specify a hostname to a SOCKS 5 server.
Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20101121/9e9cae14/attachment.pgp>
More information about the tor-talk
mailing list