Loading ChangeLog +28 −21 Original line number Diff line number Diff line Changes in version 0.2.4.8-alpha - 2013-01-14 Tor 0.2.4.8-alpha introduces directory guards to reduce user enumeration risks, adds a new stronger and faster circuit handshake, and offers stronger and faster link encryption when both sides support it. o Major features: - Preliminary support for directory guards (proposal 207): when possible, clients now use their entry guards for non-anonymous directory requests. This can help prevent client enumeration. Note that this behavior only works when we have a usable consensus directory: and when options about what to download are more or less standard. Resolves ticket 6526. - Tor servers and clients now support a better CREATE/EXTEND cell directory, and when options about what to download are more or less standard. In the future we should re-bootstrap from our guards, rather than re-bootstrapping from the preconfigured list of directory sources that ships with Tor. Resolves ticket 6526. - Tor relays and clients now support a better CREATE/EXTEND cell format, allowing the sender to specify multiple address, identity, and handshake types. Implements Robert Ransom's proposal 200; closes ticket 7199. Loading @@ -16,7 +21,7 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 - Tor now supports a new circuit extension handshake designed by Ian Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original circuit extension handshake, later called "TAP", was a bit slow (especially on the server side), had a fragile security proof, and (especially on the relay side), had a fragile security proof, and used weaker keys than we'd now prefer. The new circuit handshake uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman function, making it significantly more secure than the older Loading @@ -35,30 +40,31 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 Implements proposal 216; closes ticket 7202. o Major features (better link encryption): - Servers can now enable the ECDHE TLS ciphersuites when available and appropriate. These ciphersuites let us negotiate forward- secure TLS secret keys more safely and more efficiently than with our previous use of Diffie-Hellman modulo a 1024-bit prime. By default, public servers prefer the (faster) P224 group, and bridges prefer the (more common) P256 group; you can override this with the TLSECGroup option. - Relays can now enable the ECDHE TLS ciphersuites when available and appropriate. These ciphersuites let us negotiate forward-secure TLS secret keys more safely and more efficiently than with our previous use of Diffie-Hellman modulo a 1024-bit prime. By default, public relays prefer the (faster) P224 group, and bridges prefer the (more common) P256 group; you can override this with the TLSECGroup option. Enabling these ciphers was a little tricky, since for a long time, clients had been claiming to support them without actually doing so, in order to foil fingerprinting. But with the client-side implementation of proposal 198 in 0.2.3.17-beta, clients can now match the ciphers from recent Firefox versions *and* list the ciphers they actually mean, so servers can believe such clients ciphers they actually mean, so relays can believe such clients when they advertise ECDHE support in their TLS ClientHello messages. This feature requires clients running 0.2.3.17-beta or later, and requires both sides to be running OpenSSL 1.0.0 or later with ECC support. OpenSSL 1.0.1, with the compile-time option "enable-ec_nistp_64_gcc_128", is highly recommended. Implements the server side of proposal 198; closes ticket 7200. "enable-ec_nistp_64_gcc_128", is highly recommended. Implements the relay side of proposal 198; closes ticket 7200. o Major bugfixes: - Avoid crashing when, as a node without IPv6-exit support, a - Avoid crashing when, as a relay without IPv6-exit support, a client insists on getting an IPv6 address or nothing. Fixes bug 7814; bugfix on 0.2.4.7-alpha. Loading @@ -68,13 +74,14 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 upon the number of hop-RTTs that a particular circuit type undergoes. Additionally, launch intro circuits in parallel if they timeout, and take the first one to reply as valid. - Work correctly on unix systems where EAGAIN and EWOULDBLOCK are separate error codes--or at least, don't break for that reason. - Work correctly on Unix systems where EAGAIN and EWOULDBLOCK are separate error codes; or at least, don't break for that reason. Fixes bug 7935. Reported by "oftc_must_be_destroyed". - Update to the January 2 2013 Maxmind GeoLite Country database. o Minor features (testing): - Add benchmarks for DH (1024-bit multiplicative group) and ECDH (P-256) diffie-hellman handshakes to src/or/bench. (P-256) Diffie-Hellman handshakes to src/or/bench. - Add benchmark functions to test onion handshake performance. o Minor features (path bias detection): Loading Loading @@ -103,7 +110,7 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 makes us more resilient to ambient circuit failure without any detection capability loss. o Minor bugfixes: o Minor bugfixes (log messages): - Rate-limit the "No circuits are opened. Relaxed timeout for a circuit with channel state open..." message to once per hour to keep it from filling the notice logs. Mitigates bug 7799 but does Loading changes/geoip-jan2013deleted 100644 → 0 +0 −3 Original line number Diff line number Diff line o Minor features: - Update to the January 2 2013 Maxmind GeoLite Country database. Loading
ChangeLog +28 −21 Original line number Diff line number Diff line Changes in version 0.2.4.8-alpha - 2013-01-14 Tor 0.2.4.8-alpha introduces directory guards to reduce user enumeration risks, adds a new stronger and faster circuit handshake, and offers stronger and faster link encryption when both sides support it. o Major features: - Preliminary support for directory guards (proposal 207): when possible, clients now use their entry guards for non-anonymous directory requests. This can help prevent client enumeration. Note that this behavior only works when we have a usable consensus directory: and when options about what to download are more or less standard. Resolves ticket 6526. - Tor servers and clients now support a better CREATE/EXTEND cell directory, and when options about what to download are more or less standard. In the future we should re-bootstrap from our guards, rather than re-bootstrapping from the preconfigured list of directory sources that ships with Tor. Resolves ticket 6526. - Tor relays and clients now support a better CREATE/EXTEND cell format, allowing the sender to specify multiple address, identity, and handshake types. Implements Robert Ransom's proposal 200; closes ticket 7199. Loading @@ -16,7 +21,7 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 - Tor now supports a new circuit extension handshake designed by Ian Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original circuit extension handshake, later called "TAP", was a bit slow (especially on the server side), had a fragile security proof, and (especially on the relay side), had a fragile security proof, and used weaker keys than we'd now prefer. The new circuit handshake uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman function, making it significantly more secure than the older Loading @@ -35,30 +40,31 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 Implements proposal 216; closes ticket 7202. o Major features (better link encryption): - Servers can now enable the ECDHE TLS ciphersuites when available and appropriate. These ciphersuites let us negotiate forward- secure TLS secret keys more safely and more efficiently than with our previous use of Diffie-Hellman modulo a 1024-bit prime. By default, public servers prefer the (faster) P224 group, and bridges prefer the (more common) P256 group; you can override this with the TLSECGroup option. - Relays can now enable the ECDHE TLS ciphersuites when available and appropriate. These ciphersuites let us negotiate forward-secure TLS secret keys more safely and more efficiently than with our previous use of Diffie-Hellman modulo a 1024-bit prime. By default, public relays prefer the (faster) P224 group, and bridges prefer the (more common) P256 group; you can override this with the TLSECGroup option. Enabling these ciphers was a little tricky, since for a long time, clients had been claiming to support them without actually doing so, in order to foil fingerprinting. But with the client-side implementation of proposal 198 in 0.2.3.17-beta, clients can now match the ciphers from recent Firefox versions *and* list the ciphers they actually mean, so servers can believe such clients ciphers they actually mean, so relays can believe such clients when they advertise ECDHE support in their TLS ClientHello messages. This feature requires clients running 0.2.3.17-beta or later, and requires both sides to be running OpenSSL 1.0.0 or later with ECC support. OpenSSL 1.0.1, with the compile-time option "enable-ec_nistp_64_gcc_128", is highly recommended. Implements the server side of proposal 198; closes ticket 7200. "enable-ec_nistp_64_gcc_128", is highly recommended. Implements the relay side of proposal 198; closes ticket 7200. o Major bugfixes: - Avoid crashing when, as a node without IPv6-exit support, a - Avoid crashing when, as a relay without IPv6-exit support, a client insists on getting an IPv6 address or nothing. Fixes bug 7814; bugfix on 0.2.4.7-alpha. Loading @@ -68,13 +74,14 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 upon the number of hop-RTTs that a particular circuit type undergoes. Additionally, launch intro circuits in parallel if they timeout, and take the first one to reply as valid. - Work correctly on unix systems where EAGAIN and EWOULDBLOCK are separate error codes--or at least, don't break for that reason. - Work correctly on Unix systems where EAGAIN and EWOULDBLOCK are separate error codes; or at least, don't break for that reason. Fixes bug 7935. Reported by "oftc_must_be_destroyed". - Update to the January 2 2013 Maxmind GeoLite Country database. o Minor features (testing): - Add benchmarks for DH (1024-bit multiplicative group) and ECDH (P-256) diffie-hellman handshakes to src/or/bench. (P-256) Diffie-Hellman handshakes to src/or/bench. - Add benchmark functions to test onion handshake performance. o Minor features (path bias detection): Loading Loading @@ -103,7 +110,7 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 makes us more resilient to ambient circuit failure without any detection capability loss. o Minor bugfixes: o Minor bugfixes (log messages): - Rate-limit the "No circuits are opened. Relaxed timeout for a circuit with channel state open..." message to once per hour to keep it from filling the notice logs. Mitigates bug 7799 but does Loading
changes/geoip-jan2013deleted 100644 → 0 +0 −3 Original line number Diff line number Diff line o Minor features: - Update to the January 2 2013 Maxmind GeoLite Country database.