On 01.08.2015 19:06, starlight.201...@binnacle.cx wrote:
>> Bug: Assertion r == 0 failed in crypto_generate_dynamic_dh_modulus at
>> ../src/common/crypto.c:1788.
>>
> Looks like you have DynamicDHGroups enabled
> in your torrc file.
Correct, its set.
> However it was disabled by default some
> tim
In the next-above thread I had mistakenly
conflated relay handshakes and 'openssl'
TLS negotiations, which are it seems
entirely independent. Thanks to Yawning
for correcting that misconception.
TLS encryption protects the relay-to-relay
conversation protocol if I understand
correctly, while cell
I wonder if you could just run sslyze (or another TLS scanning tool)
on the OR ports of all the relays, and see what ciphersuites they
accept.
It won't be exactly symmetric - I'm not sure (one can investigate the
code though) if those same ciphersuites will be the ones offered in a
relay -> relay
FYI list
https: // torstatus DOT blutmagie DOT de
is registering relays running 0.2.7.2 as
having zero bandwidth.
I believe this is because the
write-history
read-history
lines in
extra-info
have moved from the top down to the
middle of the document.
Many super-fast relays running
At 08:26 8/2/2015 -0700, you wrote:
>It also may not tell you their ordering
>preference (but it might! again,
>you'd have to look at the code.)
That "openssl s_client" test I ran was
against my 0.2.6.10 with openssl 1.0.2
relay.
It's certain that ECDHE is preferred over
DHE, but my thought is th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
I think that is to maintain a backward compatibility. Tor tries as
hard as possible to maintain backward compatibility with older
versions, unless something critical which requires deprecation
regardless some relays will disappear from the co
Of course! This is implicit in my posting.
What I am saying is that, like old v1/v2
handshakes, Tor should be moving in the
direction of eliminating DHE. The
way to approach that is to *count*
the number of DHE handshakes and
other TLS session attributes. This
is currently begin done for TOR/NT
At 08:26 8/2/2015 -0700, you wrote:
>I wonder if you could just run sslyze (or another
>TLS scanning tool) on the OR ports of all the
>relays, and see what ciphersuites they accept.
The info would be indicative, but it
would not reflect client-only Tor, which
represents the majority of installatio
