[tor-dev] Is it time to drop support for the v1/v2 protos?
David Fifield
david at bamsoftware.com
Mon Jan 12 17:20:14 UTC 2015
On Mon, Jan 12, 2015 at 04:25:56PM +0100, Philipp Winter wrote:
> On Sat, Dec 27, 2014 at 03:38:28PM +0100, Tom van der Woerdt wrote:
> > After reading the Tor spec [1] I did some digging and realized that
> > the old handshakes and link protocols (v1 (certs up-front) and v2
> > (renegotiation)) are not used anymore as of 0.2.3.6-alpha which
> > introduced link proto v3.
> >
> > Supporting v1 and v2 requires (among other things) supporting SSLv3
> > which (imho) should be deprecated everywhere.
>
> I was curious about how many relays and clients still want to speak
> version 1 and 2. I patched one of my guard relays to keep statistics
> about the content of VERSIONS cells. Here's the result after almost
> three days. The numbers include relays as well as clients.
>
> Versions | Amount total  | Amount w/o duplicate hosts
> ---------+---------------+---------------------------
> 1 and 2  |  34,648  (9%) | 21,552 (23%)
> 3        |  73,202 (18%) | 54,307 (59%)
> 3 and 4  | 291,807 (73%) | 16,235 (18%)
> 4        |       3  (0%) |      2  (0%)

Does "1 and 2" contradict section 4.1 of tor-spec.txt?

    Since the version 1 link protocol does not use the
    "renegotiation" handshake, implementations MUST NOT list version
    1 in their VERSIONS cell.

Is it a bug that tor is including 1 in its VERSIONS cell?

I found this nice log message in the source code:

    } else if (highest_supported_version == 1) {
      /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
       * cells. */
      log_fn(LOG_PROTOCOL_WARN, LD_OR,
             "Used version negotiation protocol to negotiate a v1 connection. "
             "That's crazily non-compliant. Closing connection.");
      connection_or_close_for_error(chan->conn, 0);
      return;
    }

David Fifield
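
A small parser for the kind of per-cell check discussed in this message, as an added example that is not part of the original post or of tor's source: it decodes the versions listed in a raw VERSIONS cell and flags any cell that lists version 1, which the quoted spec text forbids. The function, constant and sample-cell names are this example's own; the cell layout (2-byte CircID, command 7, 2-byte length, 2-byte big-endian versions) follows tor-spec.txt, and rejecting odd or truncated payloads is this example's choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CELL_VERSIONS    7   /* VERSIONS command value in tor-spec.txt */
#define VERSIONS_HDR_LEN 5   /* CircID(2) + Command(1) + Length(2) */

/* Result codes (hypothetical names, not tor's). */
enum { VC_MALFORMED = -1, VC_OK = 0, VC_LISTS_V1 = 1 };

/* Constructed sample cells, not captured traffic. */
static const uint8_t cell_v12[]   = {0, 0, 7, 0, 4, 0, 1, 0, 2};
static const uint8_t cell_v34[]   = {0, 0, 7, 0, 4, 0, 3, 0, 4};
static const uint8_t cell_odd[]   = {0, 0, 7, 0, 3, 0, 3, 0};
static const uint8_t cell_short[] = {0, 0, 7, 0, 4, 0, 3};

/* Decode a raw VERSIONS cell. *mask gets bit N set for every listed
 * version N in 1..31; *highest gets the highest version listed. */
int classify_versions_cell(const uint8_t *cell, size_t len,
                           uint32_t *mask, uint16_t *highest)
{
    *mask = 0;
    *highest = 0;
    if (len < VERSIONS_HDR_LEN || cell[2] != CELL_VERSIONS)
        return VC_MALFORMED;
    size_t plen = ((size_t)cell[3] << 8) | cell[4];
    /* Versions are 2 bytes each; the payload must fit in the buffer. */
    if (plen % 2 != 0 || plen > len - VERSIONS_HDR_LEN)
        return VC_MALFORMED;
    for (size_t i = 0; i < plen; i += 2) {
        uint16_t v = (uint16_t)((cell[5 + i] << 8) | cell[6 + i]);
        if (v >= 1 && v < 32)
            *mask |= (uint32_t)1 << v;
        if (v > *highest)
            *highest = v;
    }
    /* Listing version 1 is what the spec's MUST NOT rules out. */
    return (*mask & ((uint32_t)1 << 1)) ? VC_LISTS_V1 : VC_OK;
}

int main(void)
{
    uint32_t m; uint16_t h;
    int r = classify_versions_cell(cell_v12, sizeof cell_v12, &m, &h);
    printf("v1+v2 cell: result=%d mask=0x%x highest=%u\n", r, (unsigned)m, (unsigned)h);
    r = classify_versions_cell(cell_v34, sizeof cell_v34, &m, &h);
    printf("v3+v4 cell: result=%d mask=0x%x highest=%u\n", r, (unsigned)m, (unsigned)h);
    return 0;
}
```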