-rw-r--r-- ChangeLog | 8
-rw-r--r-- doc/spec/proposals/130-v2-conn-protocol.txt | 5
-rw-r--r-- src/common/tortls.c | 6
3 files changed, 12 insertions, 7 deletions
@@ -5,6 +5,14 @@ Changes in version 0.2.0.20-?? - 2008-02-?? for bridge users. Also do this for people who set StrictEntryNodes. - When a TrackHostExits-chosen exit fails too many times in a row, stop using it. Bugfix on 0.1.2.x. Fixes bug 437. + - Enable the revised TLS handshake based on the one designed by + Steven Murdoch in proposal 124, as revised in proposal 130. It + includes version negotiation for OR connections as described in + proposal 105. The new handshake is meant to be harder for + censors to fingerprint, and it adds the ability to detect + certain kinds of man-in-the-middle traffic analysis attacks. + The version negotiation feature will allow us to improve Tor's + link protocol more safely in the future. o Major bugfixes: - Resolved problems with (re-)fetching hidden service descriptors. diff --git a/doc/spec/proposals/130-v2-conn-protocol.txt b/doc/spec/proposals/130-v2-conn-protocol.txt index 8a8ca492d6..5435dd19e1 100644 --- a/doc/spec/proposals/130-v2-conn-protocol.txt +++ b/doc/spec/proposals/130-v2-conn-protocol.txt @@ -17,7 +17,6 @@ Overview: Proposal 124: Blocking resistant TLS certificate usage It refers to aspects of: Proposal 105: Version negotiation for the Tor protocol - Proposal 110: Avoid infinite length circuits In summary, The Tor connection protocol has been in need of a redesign @@ -183,8 +182,4 @@ Proposal: as in proposal 105, and communications begin as per tor-spec.txt. Until NETINFO cells have been exchanged, the connection is not open. - RELAY_EARLY cells are accepted as in proposal 110, and treated as - RELAY cells except that they are relayed as RELAY_EARLY if the next - host in the circuit has negotiated v2 or later; otherwise, not. - Command value 9 is used for RELAY_EARLY. diff --git a/src/common/tortls.c b/src/common/tortls.c index 8690231e65..f33986a1e5 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c 
@@ -42,8 +42,10 @@ const char tortls_c_id[] = #include "ht.h" #include <string.h> -// #define V2_HANDSHAKE_SERVER -// #define V2_HANDSHAKE_CLIENT +/* Enable the "v2" TLS handshake. + */ +#define V2_HANDSHAKE_SERVER +#define V2_HANDSHAKE_CLIENT /* Copied from or.h */ #define LEGAL_NICKNAME_CHARACTERS \ |
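Review bot: the ChangeLog entry (the eight added lines under "Changes in version 0.2.0.20-??") promises that the new handshake is "harder for censors to fingerprint" and "adds the ability to detect certain kinds of man-in-the-middle traffic analysis attacks", but it does not say how an operator can turn the handshake back off if a peer or a middlebox cannot cope with it; since the only switch in this patch is the pair of compile-time macros in tortls.c, the entry should either state that the v2 handshake is always on in this version or name the build-time knob, and it would help to say which kinds of man-in-the-middle behaviour become detectable (or point at the section of proposal 130 that describes them) rather than leaving "certain kinds" undefined.

Review bot: the second hunk in 130-v2-conn-protocol.txt (`@@ -183,8 +182,4 @@`) deletes the whole RELAY_EARLY paragraph ("RELAY_EARLY cells are accepted as in proposal 110 ... Command value 9 is used for RELAY_EARLY.") together with the "Proposal 110: Avoid infinite length circuits" reference in the first hunk, without leaving any pointer to where that behaviour is now specified; a one-line cross-reference in place of the removed paragraph (for example "RELAY_EARLY handling is specified in proposal 110 and is independent of the connection protocol") would keep readers of proposal 130 from concluding that command value 9 is no longer defined.

Review bot: in the tortls.c hunk, replacing the two commented-out `// #define V2_HANDSHAKE_SERVER` / `// #define V2_HANDSHAKE_CLIENT` lines with unconditional `#define`s switches both the client and the server side of the new handshake on for every build at once, and the new comment `/* Enable the "v2" TLS handshake. */` says nothing about what the two macros gate or why there are two of them; consider wrapping them in `#ifndef` guards so a build can still disable one side (for example to test a v2 client against a v1 server), and extending the comment to name proposal 130 and to say that the SERVER macro controls the responder path and the CLIENT macro the initiator path, so that the next reader does not have to trace both code paths to find out.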