Clients no longer download descriptors for relays without ntor

2 files changed, 6 insertions, 0 deletions

diff --git a/changes/reject-tap b/changes/reject-tap
index 5b79485f9f..77ca63b46e 100644
--- a/changes/reject-tap
+++ b/changes/reject-tap
@@ -5,4 +5,6 @@
     - Relays make sure their own descriptor has an ntor key.
     - Authorites no longer trust the version a relay claims (if any),
       instead, they check specifically for an ntor key.
+    - Clients avoid downloading a descriptor if the relay version is
+      too old to support ntor.
       Fixes bug 19163; bugfix on 0.2.4.18-rc.
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 0dfb8afcce..61753e5da1 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -2272,6 +2272,10 @@ client_would_use_router(const routerstatus_t *rs, time_t now,
     /* We'd drop it immediately for being too old. */
     return 0;
   }
+  if (rs->version_known && !rs->version_supports_extend2_cells) {
+    /* We'd ignore it because it doesn't support ntor. */
+    return 0;
+  }
   return 1;
 }