Commit 8a341cc4 authored by Nick Mathewson's avatar Nick Mathewson 🎨
Browse files

Change the default for DynamicDHGroups to 0

This feature can make Tor relays less identifiable by their use of the
mod_ssl DH group, but at the cost of some usability (#4721) and bridge
tracing (#6087) regressions.

We should try to turn this on by default again if we find that the
mod_ssl group is uncommon and/or we move to a different DH group size
(see #6088).  Before we can do so, we need a fix for bugs #6087 and

Resolves ticket #5598 for now.
parent 0ee13dc2
o Changed defaults:
- Change the default value for DynamicDHGroups to 0. This feature can
make Tor relays less identifiable by their use of the mod_ssl DH
group, but at the cost of some usability (#4721) and bridge tracing
(#6087) regressions. Resolves ticket #5598.
......@@ -266,7 +266,7 @@ Other options can be specified either on the command-line (--option
If this option is set to 1, when running as a server, generate our
own Diffie-Hellman group instead of using the one from Apache's mod_ssl.
This option may help circumvent censorship based on static
Diffie-Hellman parameters. (Default: 1).
Diffie-Hellman parameters. (Default: 0).
**AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
......
......@@ -257,7 +257,7 @@ static config_var_t _option_vars[] = {
V(DisableAllSwap, BOOL, "0"),
V(DisableDebuggerAttachment, BOOL, "1"),
V(DisableIOCP, BOOL, "1"),
V(DynamicDHGroups, BOOL, "1"),
V(DynamicDHGroups, BOOL, "0"),
V(DNSPort, LINELIST, NULL),
V(DNSListenAddress, LINELIST, NULL),
V(DownloadExtraInfo, BOOL, "0"),
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment