diff options
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/addrmap_error | 5 | ||||
| -rw-r--r-- | changes/bug3443 | 11 | ||||
| -rw-r--r-- | changes/bug6113 | 3 | ||||
| -rw-r--r-- | changes/bug6887 | 3 | ||||
| -rw-r--r-- | changes/bug7013 | 4 | ||||
| -rw-r--r-- | changes/bug7059a | 5 | ||||
| -rw-r--r-- | changes/bug7260 | 3 | ||||
| -rw-r--r-- | changes/bug7267 | 4 | ||||
| -rw-r--r-- | changes/bug7306 | 5 | ||||
| -rw-r--r-- | changes/dh_benchmarks | 3 | ||||
| -rw-r--r-- | changes/dirguards | 8 | ||||
| -rw-r--r-- | changes/dist-geoip6 | 3 | ||||
| -rw-r--r-- | changes/geoip-dec2012 | 3 | ||||
| -rw-r--r-- | changes/geoip-nov2012 | 3 | ||||
| -rw-r--r-- | changes/ipv6_exits | 18 | ||||
| -rw-r--r-- | changes/split_addressmap | 3 | ||||
| -rw-r--r-- | changes/task-6266 | 7 | ||||
| -rw-r--r-- | changes/tls_ecdhe | 26 |
18 files changed, 37 insertions, 80 deletions
diff --git a/changes/addrmap_error b/changes/addrmap_error deleted file mode 100644 index 17d9b54232..0000000000 --- a/changes/addrmap_error +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (controller): - - The ADDRMAP command can no longer generate an ill-formed error - code on a failed MAPADDRESS. It now says "internal" rather than - an English sentence fragment with spaces in the middle. Bugfix on - Tor 0.2.0.19-alpha. diff --git a/changes/bug3443 b/changes/bug3443 deleted file mode 100644 index 01896ffb38..0000000000 --- a/changes/bug3443 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor bugfixes - - Alter circuit build timeout measurement to start at the point - where we begin the CREATE/CREATE_FAST step (as opposed to circuit - initialization). This should make our timeout measurements more - uniform. Previously, we were sometimes including ORconn setup time - in our circuit build time measurements. Fixes bug #3443. - - o Minor features - - If we have no circuits open, use a relaxed timeout (the 95-percentile - cutoff) until a circuit succeeds. This should allow Tor to succeed - building circuits if the network connection drastically changes. diff --git a/changes/bug6113 b/changes/bug6113 deleted file mode 100644 index 436243df09..0000000000 --- a/changes/bug6113 +++ /dev/null @@ -1,3 +0,0 @@ - o Trivial bugfixes: - - Fix log messages and comments to avoid saying "GMT" when we mean - "UTC". Fixes bug 6113. diff --git a/changes/bug6887 b/changes/bug6887 deleted file mode 100644 index df226d4ffb..0000000000 --- a/changes/bug6887 +++ /dev/null @@ -1,3 +0,0 @@ - o Removed code: - - Removed unused code to parse v1 directories and "running routers" - documents. Fixes bug 6887. diff --git a/changes/bug7013 b/changes/bug7013 deleted file mode 100644 index ba78520166..0000000000 --- a/changes/bug7013 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Add a new torrc option 'ServerTransportListenAddr' which allows - users to select the address where their pluggable transports - will listen for connections. diff --git a/changes/bug7059a b/changes/bug7059a deleted file mode 100644 index b0c0611705..0000000000 --- a/changes/bug7059a +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (controller): - - Allow an optional $ before the node identity digest in the - controller command GETINFO ns/id/<identity>, for consistency with - md/id/<identity> and desc/id/<identity>. - diff --git a/changes/bug7260 b/changes/bug7260 deleted file mode 100644 index 8eb54c381a..0000000000 --- a/changes/bug7260 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Compile on win64 using mingw64. Fixes bug 7260; patches from "yayooo". - diff --git a/changes/bug7267 b/changes/bug7267 deleted file mode 100644 index 7089329f4f..0000000000 --- a/changes/bug7267 +++ /dev/null @@ -1,4 +0,0 @@ - - Major bugfixes - o Call channel_mark_for_close() rather than connection_mark_for_close() - in hibernate_go_dormant() when closing an or_connection_t. Fixes bug - 7267. diff --git a/changes/bug7306 b/changes/bug7306 deleted file mode 100644 index 949cc6037d..0000000000 --- a/changes/bug7306 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix a crash when debugging unit tests on windows: deallocate a - shared library with FreeLibrary, not CloseHandle. Fixes bug #7306; - bugfix on 0.2.2.17-alpha. Reported by "ultramage". - diff --git a/changes/dh_benchmarks b/changes/dh_benchmarks new file mode 100644 index 0000000000..2301995a74 --- /dev/null +++ b/changes/dh_benchmarks @@ -0,0 +1,3 @@ + o Minor features (testing): + - Add benchmarks for DH (1024-bit multiplicative group) and ECDH + (P-256) diffie-hellman handshakes to src/or/bench. diff --git a/changes/dirguards b/changes/dirguards new file mode 100644 index 0000000000..942ae6c24f --- /dev/null +++ b/changes/dirguards @@ -0,0 +1,8 @@ + o Major features: + - Preliminary support for directory guards: when possible, + clients now use guards for non-anonymous directory requests. + This can help prevent client enumeration. Note that this + behavior only works when we have a usable consensus directory: + and when options about what to download are more or less + standard. Implements proposal 207; closes ticket 6526. + diff --git a/changes/dist-geoip6 b/changes/dist-geoip6 deleted file mode 100644 index 2f2bf8f99f..0000000000 --- a/changes/dist-geoip6 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Distribute and install the geoip6 IPv6 GeoIP database. Bugfix - on 0.2.4.6-alpha. diff --git a/changes/geoip-dec2012 b/changes/geoip-dec2012 deleted file mode 100644 index 26431c2e8a..0000000000 --- a/changes/geoip-dec2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the December 5 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-nov2012 b/changes/geoip-nov2012 deleted file mode 100644 index 22e7bace58..0000000000 --- a/changes/geoip-nov2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the November 7 2012 Maxmind GeoLite Country database. - diff --git a/changes/ipv6_exits b/changes/ipv6_exits deleted file mode 100644 index 97af7512ee..0000000000 --- a/changes/ipv6_exits +++ /dev/null @@ -1,18 +0,0 @@ - o Major features: - - - Tor now has (alpha) support for exiting to IPv6 addresses. To - enable it as an exit node, make sure that you have IPv6 - connectivity, set the IPv6Exit flag to 1. Also make sure your - exit policy reads as you would like: the address * applies to - all address families, whereas *4 is IPv4 address only, and *6 - is IPv6 addresses only. On the client side, you'll need to - wait till the authorities have upgraded, wait for enough exits - to support IPv6, apply the "IPv6Traffic" flag to a SocksPort, - and use Socks5. Closes ticket 5547, implements proposal 117 as - revised in proposal 208. - - We DO NOT recommend that clients with actual anonymity needs - start using IPv6 over Tor yet: not enough exits support it - yet, and there are some DNS-caching related issues that need - to be solved first. - diff --git a/changes/split_addressmap b/changes/split_addressmap deleted file mode 100644 index 9f377c5553..0000000000 --- a/changes/split_addressmap +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Move the client-side address-map/virtual-address/DNS-cache code - out of connection_edge.c into a new addressmap.c module. diff --git a/changes/task-6266 b/changes/task-6266 deleted file mode 100644 index e7f0509051..0000000000 --- a/changes/task-6266 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features: - - Use a script to replace "A1" ("Anonymous Proxy") entries in our - geoip file with real country codes. This script fixes about 90% of - "A1" entries automatically and uses manual country code assignments - to fix the remaining 10%. See src/config/README.geoip for details. - Fixes #6266. - diff --git a/changes/tls_ecdhe b/changes/tls_ecdhe new file mode 100644 index 0000000000..48c6384dad --- /dev/null +++ b/changes/tls_ecdhe @@ -0,0 +1,26 @@ + o Major features: + + - Servers can now enable the ECDHE TLS ciphersuites when available + and appropriate. These ciphersuites let us negotiate forward- + secure TLS secret keys more safely and more efficiently than with + our previous use of Diffie Hellman modulo a 1024-bit prime. + By default, public servers prefer the (faster) P224 group, and + bridges prefer the (more common) P256 group; you can override this + with the TLSECGroup option. + + Enabling these ciphers was a little tricky, since for a long + time, clients had been claiming to support them without + actually doing so, in order to foil fingerprinting. But with + the client-side implementation of proposal 198 in + 0.2.3.17-beta, clients can now match the ciphers from recent + firefox versions *and* list the ciphers they actually mean, so + servers can believe such clients when they advertise ECDHE + support in their TLS ClientHello messages. + + This feature requires clients running 0.2.3.17-beta or later, + and requires both sides to be running OpenSSL 1.0.0 or later + with ECC support. OpenSSL 1.0.1, with the compile-time option + "enable-ec_nistp_64_gcc_128", is highly recommended. + Implements the server side of proposal 198; closes ticket + 7200. + |