mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
First editing pass on changelog.
This commit is contained in:
parent
d950ad0dfd
commit
a51ad3fe56
287
ChangeLog
287
ChangeLog
@ -1,48 +1,55 @@
|
||||
Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
blurb goes here
|
||||
Tor 0.3.1.1-alpha is the first release in the 0.3.1.x series. It
|
||||
reduces the bandwidth usage for Tor's directory protocol, adds some
|
||||
basic padding to resist netflow-based traffic analysis and to serve as
|
||||
the basis of other padding in the future, and adds rust support to the
|
||||
build system.
|
||||
|
||||
It also contains numerous other small features and improvements to
|
||||
security, correctness, and performance.
|
||||
|
||||
Below are the changes since 0.3.0.7.
|
||||
|
||||
o Major features (directory protocol):
|
||||
- Tor relays and authorities are now able to serve clients an
|
||||
abbreviated version of the networkstatus consensus document,
|
||||
containing only the changes since the an older consensus document
|
||||
that the client holds. Clients now request these documents when
|
||||
available. When this new protocol is in use by both client and
|
||||
server, they will use far less bandwidth (up to 94% less) to keep
|
||||
an up-to-date consensus. Implements proposal 140; closes ticket
|
||||
13339. Based on work by by Daniel Martí.
|
||||
- Tor's compression module now includes support for the zstd and
|
||||
lzma2 compression algorithms, if the libzstd and liblzma libraries
|
||||
are available when Tor is compiled. Once these features are
|
||||
exposed in the directory module, they will enable Tor to provide
|
||||
better compression ratios on directory documents. Part of an
|
||||
implementation for proposal 278; closes ticket 21662.
|
||||
- Add an ed diff/patch backend, optimized for consensus documents.
|
||||
This backend will be the basis of our consensus diff
|
||||
implementation. Most of the work here was done by Daniel Martí.
|
||||
Closes ticket 21643.
|
||||
- Tor relays and authorities can now serve clients an abbreviated
|
||||
version of the consensus document, containing only the changes
|
||||
since an older consensus document that the client holds. Clients
|
||||
now request these documents when available. When both client and
|
||||
server use this new protocol, they will use far less bandwidth (up
|
||||
to 94% less) to keep the client's consensus up-to-date. Implements
|
||||
proposal 140; closes ticket 13339. Based on work by by
|
||||
Daniel Martí.
|
||||
- Tor can now compress directory traffic with lzma or with zstd
|
||||
compression algoritms, which can deliver better bandwidth
|
||||
performance. Because lzma is computationally expensive, it's only
|
||||
used for documents that can be compressed once and served many
|
||||
times. Support for these algorithms requires that tor is build
|
||||
with the libzstd and/or liblzma libraries available. Implements
|
||||
proposal 278; closes ticket 21662.
|
||||
|
||||
o Major features (experimental):
|
||||
- Tor now has the optional ability to include modules written in
|
||||
Rust. To turn this on, pass the "--enable-rust" flag to the
|
||||
configure script. It's not time to get excited yet: currently,
|
||||
there is no actual Rust functionality beyond some simple glue
|
||||
code, and a notice at startup to tell you that Rust is running.
|
||||
Still, we hope that programmers and packagers will try building
|
||||
with rust support, so that we can find issues with the build
|
||||
system, and solve portability issues. Closes ticket 22106.
|
||||
- Tor can now build modules written in Rust. To turn this on, pass
|
||||
the "--enable-rust" flag to the configure script. It's not time to
|
||||
get excited yet: currently, there is no actual Rust functionality
|
||||
beyond some simple glue code, and a notice at startup to tell you
|
||||
that Rust is running. Still, we hope that programmers and
|
||||
packagers will try building Tor with rust support, so that we can
|
||||
find issues, and solve portability problems. Closes ticket 22106.
|
||||
|
||||
o Major features (traffic analysis resistance):
|
||||
- Relays and clients will now send a padding cell on idle OR
|
||||
connections every 1.5 to 9.5 seconds (tunable via consensus
|
||||
parameters). Directory connections and inter-relay connections are
|
||||
not padded. Padding is negotiated using Tor's link protocol, so
|
||||
both relays and clients must upgrade for this to take effect.
|
||||
Clients may still send padding despite the relay's version by
|
||||
setting ConnectionPadding 1 in torrc, and may disable padding by
|
||||
setting ConnectionPadding 0 in torrc. Padding may be minimized for
|
||||
mobile users with the torrc option ReducedConnectionPadding.
|
||||
Implements Proposal 251 and Section 2 of Proposal 254; closes
|
||||
ticket 16861.
|
||||
- Client-to-relays connections can now send a padding cells every
|
||||
1.5 to 9.5 seconds (tunable via consensus parameters). This will
|
||||
not resist specialized eavesdroppers, but it should be enough to
|
||||
make many ISPs' routine network flow logging less useful in
|
||||
traffic analysis against Tor users.
|
||||
|
||||
Padding is negotiated using Tor's link protocol, so both relays
|
||||
and clients must upgrade for this to take effect. Clients may
|
||||
still send padding despite the relay's version by setting
|
||||
ConnectionPadding 1 in torrc, and may disable padding by setting
|
||||
ConnectionPadding 0 in torrc. Padding may be minimized for mobile
|
||||
users with the torrc option ReducedConnectionPadding. Implements
|
||||
Proposal 251 and Section 2 of Proposal 254; closes ticket 16861.
|
||||
- Relays will publish 24 hour totals of padding and non-padding cell
|
||||
counts to their extra-info descriptors, unless PaddingStatistics 0
|
||||
is set in torrc. These 24 hour totals are also rounded to
|
||||
@ -56,7 +63,7 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
o Minor features (security, windows):
|
||||
- Enable a couple of pieces of Windows hardening: one
|
||||
(HeapEnableTerminationOnCorruption) that has been on-by-default
|
||||
since Windows 8, and unavailable before Windows 7, and one
|
||||
since Windows 8, and unavailable before Windows 7; and one
|
||||
(PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
|
||||
affect us, but shouldn't do any harm. Closes ticket 21953.
|
||||
|
||||
@ -66,23 +73,25 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
|
||||
o Minor features (defaults):
|
||||
- The default value for UseCreateFast is now 0: clients which
|
||||
haven't yet received a consensus document will nonetheless use a
|
||||
proper handshake to talk to their directory servers (when they
|
||||
can). Closes ticket 21407.
|
||||
haven't yet received a consensus document will now use a proper
|
||||
ntor handshake to talk to their directory servers whenever they
|
||||
can. Closes ticket 21407.
|
||||
- Onion key rotation and expiry intervals are now defined as a
|
||||
network consensus parameter as per proposal 274. The default
|
||||
lifetime of an onion key is bumped from 7 to 28 days. Old onion
|
||||
keys will expire after 7 days by default. Closes ticket 21641.
|
||||
network consensus parameter, per proposal 274. The default
|
||||
lifetime of an onion key is increased from 7 to 28 days. Old onion
|
||||
keys will expire after 7 days by default. This change will make
|
||||
consensus diffs much smaller, and save significant bandwidth.
|
||||
Closes ticket 21641.
|
||||
|
||||
o Minor features (fallback directory list):
|
||||
- Update the fallback directory mirror whitelist and blacklist based
|
||||
on operator emails. Closes task 21121.
|
||||
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
||||
December 2016 (of which ~126 were still functional), with a list
|
||||
of 151 fallbacks (32 new, 119 existing, 58 removed) generated in
|
||||
May 2017. Resolves ticket 21564.
|
||||
December 2016 (of which ~126 were still functional) with a list of
|
||||
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
|
||||
2017. Resolves ticket 21564.
|
||||
|
||||
o Minor features (hidden services):
|
||||
o Minor features (hidden services, logging):
|
||||
- Add more information to the message logged when a hidden service
|
||||
descriptor has fewer introduction points than specified in
|
||||
HiddenServiceNumIntroductionPoints. Follow up to tickets 21598 and
|
||||
@ -99,23 +108,20 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
14917 or 21155. Closes ticket 21155.
|
||||
|
||||
o Minor features (include in torrc config files):
|
||||
- Allow the use of %include on configuration files to include
|
||||
settings from other files or directories. Using %include with a
|
||||
directory will include all (non-dot) files in that directory in
|
||||
lexically sorted order (non-recursive), closes ticket 1922.
|
||||
- Make SAVECONF command return error when overwriting a torrc that
|
||||
has includes. Using SAVECONF with the FORCE option will allow it
|
||||
to overwrite torrc even if includes are used, closes ticket 1922.
|
||||
- Adds config-can-saveconf to GETINFO command to tell if SAVECONF
|
||||
will work without the FORCE option, closes ticket 1922.
|
||||
|
||||
o Minor features (infrastructure, seccomp2 sandbox):
|
||||
- We now have a document storage backend compatible with the Linux
|
||||
seccomp2 sandbox. The long-term plan is to use this backend for
|
||||
consensus documents and for storing unparseable directory
|
||||
material. Closes ticket 21645.
|
||||
- Allow "%include" directives in torrc configuration files. These
|
||||
directives import the settings from other files, or from all the
|
||||
files in a directory. Closes ticket 1922. Code by Daniel Pinto.
|
||||
- Make SAVECONF return error when overwriting a torrc that has
|
||||
includes. Using SAVECONF with the FORCE option will allow it to
|
||||
overwrite torrc even if includes are used. Related to ticket 1922.
|
||||
- Add "GETINFO config-can-saveconf" to tell controllers if SAVECONF
|
||||
will work without the FORCE option. Related to ticket 1922.
|
||||
|
||||
o Minor features (linux seccomp2 sandbox):
|
||||
- We now have a document storage backend compatible with the Linux
|
||||
seccomp2 sandbox. This backend is used for consensus documents and
|
||||
diffs between them; in the long term, we'd like to use it for
|
||||
unparseable directory material too. Closes ticket 21645
|
||||
- Increase the maximum allowed size passed to mprotect(PROT_WRITE)
|
||||
from 1MB to 16MB. This was necessary with the glibc allocator in
|
||||
order to allow worker threads to allocate more memory -- which in
|
||||
@ -130,13 +136,13 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
from toralf.
|
||||
|
||||
o Minor features (performance):
|
||||
- The minimal keccak implementation we include now accesses memory
|
||||
more efficiently, especially on little-endian systems. Closes
|
||||
ticket 21737.
|
||||
- Add an O(1) implementation of channel_find_by_global_id().
|
||||
- Our Keccak implementation now accesses memory more efficiently,
|
||||
especially on little-endian systems. Closes ticket 21737.
|
||||
- Add an O(1) implementation of channel_find_by_global_id(), to
|
||||
speed some controller functions.
|
||||
|
||||
o Minor features (relay, configuration):
|
||||
- The MyFamily line may now be repeated as many times as desired,
|
||||
- The MyFamily option may now be repeated as many times as desired,
|
||||
for relays that want to configure large families. Closes ticket
|
||||
4998; patch by Daniel Pinto.
|
||||
|
||||
@ -159,7 +165,7 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
examining Tor network performance issues. There are no trace
|
||||
events yet, and event-tracing is off by default unless enabled at
|
||||
compile time. Implements ticket 13802.
|
||||
- Improve version parsing tests: add tests for typical version
|
||||
- Improve our version parsing tests: add tests for typical version
|
||||
components, add tests for invalid versions, including numeric
|
||||
range and non-numeric prefixes. Unit tests 21278, 21450, and
|
||||
21507. Partially implements 21470.
|
||||
@ -170,7 +176,7 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
Found by Andrey Karpov with PVS-Studio.
|
||||
|
||||
o Minor bugfixes (code correctness):
|
||||
- Accurately identify client connections using their lack of peer
|
||||
- Accurately identify client connections by their lack of peer
|
||||
authentication. This means that we bail out earlier if asked to
|
||||
extend to a client. Follow-up to 21407. Fixes bug 21406; bugfix
|
||||
on 0.2.4.23.
|
||||
@ -183,9 +189,9 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
- Allow more control over how long TLS connections are kept open:
|
||||
unify CircuitIdleTimeout and PredictedPortsRelevanceTime into a
|
||||
single option called CircuitsAvailableTimeout. Also, allow the
|
||||
consensus to control the default values for both this preference,
|
||||
as well as the lifespan of relay-to-relay connections. Fixes bug
|
||||
17592; bugfix on 0.2.5.5-alpha.
|
||||
consensus to control the default values for both this preference
|
||||
and lifespan of relay-to-relay connections. Fixes bug 17592;
|
||||
bugfix on 0.2.5.5-alpha.
|
||||
- Increase the intial circuit build timeout testing frequency, to
|
||||
help ensure that ReducedConnectionPadding clients finish learning
|
||||
a timeout before their orconn would expire. The initial testing
|
||||
@ -195,34 +201,32 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
learned in about 15-20 minutes, instead of ~100-120 minutes.
|
||||
|
||||
o Minor bugfixes (connection usage):
|
||||
- Relays will now log hourly statistics on the total number of
|
||||
- Relays now log hourly statistics on the total number of
|
||||
connections to other relays. If the number of connections per
|
||||
relay unexpectedly large, this log message is at notice level.
|
||||
Otherwise it is at info.
|
||||
- Use NETINFO cells to try to determine if both relays involved in a
|
||||
connection will agree on the canonical status of that connection.
|
||||
Prefer the connections where this is the case for extend cells,
|
||||
and try to close connections where relays disagree on canonical
|
||||
status early. Also, additionally alter the connection selection
|
||||
logic to prefer the oldest valid connection for extend cells.
|
||||
These two changes should reduce the number of long-term
|
||||
connections that are kept open between relays. Fixes bug 17604;
|
||||
bugfix on 0.2.5.5-alpha.
|
||||
- We use NETINFO cells to try to determine if both relays involved
|
||||
in a connection will agree on the canonical status of that
|
||||
connection. We prefer the connections where this is the case for
|
||||
extend cells, and try to close connections where relays disagree
|
||||
on their canonical status early. Also, we now prefer the oldest
|
||||
valid connection for extend cells. These two changes should reduce
|
||||
the number of long-term connections that are kept open between
|
||||
relays. Fixes bug 17604; bugfix on 0.2.5.5-alpha.
|
||||
|
||||
o Minor bugfixes (controller):
|
||||
- GETINFO onions/current and onions/detached no longer 551 on empty
|
||||
lists Fixes bug 21329; bugfix on 0.2.7.1-alpha.
|
||||
lists. Fixes bug 21329; bugfix on 0.2.7.1-alpha.
|
||||
- Trigger HS descriptor events on the control port when the client
|
||||
is unable to pick a suitable hidden service directory. This can
|
||||
happen if they are all in the ExcludeNodes list or they all have
|
||||
been queried inside the allowed 15 minutes. Fixes bug 22042;
|
||||
bugfix on 0.2.5.2-alpha.
|
||||
fails to pick a hidden service directory for a hidden service.
|
||||
This can happen if they all hidden service directories are in
|
||||
ExcludeNodes, or they have all been queried inside the last 15
|
||||
minutes. Fixes bug 22042; bugfix on 0.2.5.2-alpha.
|
||||
|
||||
o Minor bugfixes (directory authority):
|
||||
- When rejecting a router descriptor because the relay is running an
|
||||
obsolete version of Tor without ntor support, warn about the
|
||||
obsolete tor version, not the missing ntor key. Fixes bug 20270;
|
||||
bugfix on 0.2.9.3-alpha.
|
||||
- When rejecting a router descriptor for running an obsolete version
|
||||
of Tor without ntor support, warn about the obsolete tor version,
|
||||
not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha.
|
||||
- Prevent the shared randomness subsystem from asserting when
|
||||
initialized by a bridge authority with an incomplete configuration
|
||||
file. Fixes bug 21586; bugfix on 0.2.9.8.
|
||||
@ -234,9 +238,8 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
Karpov using PVS-Studio.
|
||||
|
||||
o Minor bugfixes (fallback directories):
|
||||
- Make the usage example in updateFallbackDirs.py actually work.
|
||||
(And explain what it does.) Fixes bug 22270; bugfix
|
||||
on 0.3.0.3-alpha.
|
||||
- Make the usage example in updateFallbackDirs.py actually work, and
|
||||
explain what it does. Fixes bug 22270; bugfix on 0.3.0.3-alpha.
|
||||
- Decrease the guard flag average required to be a fallback. This
|
||||
allows us to keep relays that have their guard flag removed when
|
||||
they restart. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
|
||||
@ -247,8 +250,8 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
selected. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
|
||||
|
||||
o Minor bugfixes (hidden services):
|
||||
- Stop printing cryptic warning when a client tries to connect on an
|
||||
invalid port of the service. Fixes bug 16706; bugfix
|
||||
- Stop printing a cryptic warning when a client tries to connect to
|
||||
invalid port on a hidden service. Fixes bug 16706; bugfix
|
||||
on 0.2.6.3-alpha.
|
||||
- Simplify hidden service descriptor creation by using an existing
|
||||
flag to check if an introduction point is established. Fixes bug
|
||||
@ -259,9 +262,9 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto.
|
||||
|
||||
o Minor bugfixes (protocol, logging):
|
||||
- Downgrade a log statement from bug to protocol warning because
|
||||
there is at least one use case where it can be triggered by a
|
||||
buggy tor implementation on the Internet for instance. Fixes bug
|
||||
- Downgrade a log statement about unexpected relay cells from "bug"
|
||||
to "protocol warning", because there is at least one use case
|
||||
where it can be triggered by a buggy tor implementation. Fixes bug
|
||||
21293; bugfix on 0.1.1.14-alpha.
|
||||
|
||||
o Minor bugfixes (testing):
|
||||
@ -276,10 +279,10 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
bug 21510; bugfix on 0.2.9.3-alpha.
|
||||
|
||||
o Minor bugfixes (voting consistency):
|
||||
- Reject version numbers with non-numeric prefixes (such as +, -,
|
||||
and whitespace). Disallowing whitespace prevents differential
|
||||
version parsing between POSIX-based and Windows platforms. Fixes
|
||||
bug 21507 and part of 21508; bugfix on 0.0.8pre1.
|
||||
- Reject version numbers with non-numeric prefixes (such as +, -, or
|
||||
whitespace). Disallowing whitespace prevents differential version
|
||||
parsing between POSIX-based and Windows platforms. Fixes bug 21507
|
||||
and part of 21508; bugfix on 0.0.8pre1.
|
||||
|
||||
o Minor bugfixes (windows, relay):
|
||||
- Resolve "Failure from drain_fd: No error" warnings on Windows
|
||||
@ -289,15 +292,14 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
- Break up the 630-line function connection_dir_client_reached_eof()
|
||||
into a dozen smaller functions. This change should help
|
||||
maintainability and readability of the client directory code.
|
||||
- Isolate our usage of the openssl headers so that they are only
|
||||
used from our crypto wrapper modules, and from tests that examing
|
||||
those modules' internals. Closes ticket 21841.
|
||||
- Our API to launch directory requests has been greatly simplified
|
||||
to become more extensible and less error-prone. We'll be using
|
||||
this to improve support for adding extra headers to directory
|
||||
requests. Closes ticket 21646.
|
||||
- Isolate our use of the openssl headers so that they are only
|
||||
included from our crypto wrapper modules, and from tests that
|
||||
examine those modules' internals. Closes ticket 21841.
|
||||
- Our API to launch directory requests has been simplified to be
|
||||
more extensible and less error-prone. We'll use this to support
|
||||
adding extra headers to directory requests. Closes ticket 21646.
|
||||
- Our base64 decoding functions no longer overestimate the output
|
||||
space that they will need when parsing unpadded inputs. Closes
|
||||
space that they need when parsing unpadded inputs. Closes
|
||||
ticket 17868.
|
||||
- Remove unused "ROUTER_ADDED_NOTIFY_GENERATOR" internal value.
|
||||
Resolves ticket 22213.
|
||||
@ -308,60 +310,45 @@ Changes in version 0.3.1.1-alpha - 2017-05-??
|
||||
there is one common spooling implementation, with extensible data
|
||||
types. Closes ticket 21651.
|
||||
- Tor's compression module now supports multiple backends. Part of
|
||||
an implementation of proposal 278; closes ticket 21663.
|
||||
the implementation for proposal 278; closes ticket 21663.
|
||||
|
||||
o Documentation:
|
||||
- Clarify the behavior of the KeepAliveIsolateSOCKSAuth sub-option.
|
||||
Closes ticket 21873.
|
||||
- Correct the documentation about the default DataDirectory value.
|
||||
- Correct documentation about the default DataDirectory value.
|
||||
Closes ticket 21151.
|
||||
- Default of NumEntryGuards is 1 if the consensus parameter guard-n-
|
||||
primary-guards-to-use isn't set. Default of NumDirectoryGuards is
|
||||
3 if the consensus parameter guard-n-primary-dir-guards-to-use
|
||||
isn't set. Fixes bug 21715; bugfix on 0.3.0.1-alpha.
|
||||
- Document the default behavior of NumEntryGuards and
|
||||
NumDirectoryGuards correctly. Fixes bug 21715; bugfix
|
||||
on 0.3.0.1-alpha.
|
||||
- Document key=value pluggable transport arguments for Bridge lines
|
||||
in torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha.
|
||||
- Note that bandwidth-limiting options don't affect TCP headers or
|
||||
DNS. Closes ticket 17170.
|
||||
|
||||
o Removed features:
|
||||
- We've removed the tor-checkkey tool from src/tools. Long ago, we
|
||||
used it to help people detect RSA keys that were generated by
|
||||
versions of Debian affected by CVE-2008-0166. But those keys have
|
||||
been out of circulation for ages, and this tool is no longer
|
||||
required. Closes ticket 21842.
|
||||
|
||||
o Removed features (configuration options, all in ticket 22060):
|
||||
- AllowInvalidNodes was deprecated in 0.2.9.2-alpha and now has been
|
||||
removed. It is not possible anymore to use Invalid nodes.
|
||||
- AllowSingleHopCircuits was deprecated in 0.2.9.2-alpha and now has
|
||||
been removed. It's not possible anymore to attach streams to
|
||||
single hop exit circuit.
|
||||
- AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has
|
||||
been removed. Relays no longer advertise that they can be used for
|
||||
single hop exit proxy.
|
||||
- These configuration options are now marked Obsolete, and no longer
|
||||
have any affect: AllowInvalidNodes, AllowSingleHopCircuits,
|
||||
AllowSingleHopExits, ExcludeSingleHopRelays, FastFirstHopPK,
|
||||
TLSECGroup, WarnUnsafeSocks. They were first marked as deprecated
|
||||
in 0.2.9.2-alpha and have now has been removed. The previous
|
||||
default behavior is now always-on; the previous (less secure) non-
|
||||
default behavior is now unavailable.
|
||||
- CloseHSClientCircuitsImmediatelyOnTimeout was deprecated in
|
||||
0.2.9.2-alpha and now has been removed. HS circuits never close on
|
||||
circuit build timeout, they have a longer timeout period.
|
||||
- CloseHSServiceRendCircuitsImmediatelyOnTimeout was deprecated in
|
||||
0.2.9.2-alpha and now has been removed. HS circuits never close on
|
||||
circuit build timeout, they have a long timeout period.
|
||||
- ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has
|
||||
been removed. Client will always exclude relays that supports
|
||||
single hop exits meaning relays that still advertise
|
||||
AllowSingleHopExits.
|
||||
- FastFirstHopPK was deprecated in 0.2.9.2-alpha and now has been
|
||||
removed. Decision for this feature will always be decided by
|
||||
the consensus.
|
||||
- TLSECGroup was deprecated in 0.2.9.2-alpha and now has been
|
||||
removed. P256 EC group is always used.
|
||||
- WarnUnsafeSocks was deprecated in 0.2.9.2-alpha and now has been
|
||||
removed. Tor will now always warn the user if only an IP address
|
||||
is given instead of an hostname on a SOCKS connection if SafeSocks
|
||||
is 1.
|
||||
- {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress was deprecated
|
||||
in 0.2.9.2-alpha and now has been removed. Use the ORPort
|
||||
(and others).
|
||||
- {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress were deprecated
|
||||
in 0.2.9.2-alpha and now has been removed. Use the ORPort option
|
||||
(and others) to configure listen-only and advertise-only addresses.
|
||||
|
||||
o Removed features (tools):
|
||||
- We've removed the tor-checkkey tool from src/tools. Long ago, we
|
||||
used it to help people detect RSA keys that were generated by
|
||||
versions of Debian affected by CVE-2008-0166. But those keys have
|
||||
been out of circulation for ages, and this tool is no longer
|
||||
required. Closes ticket 21842.
|
||||
|
||||
|
||||
Changes in version 0.3.0.7 - 2017-05-15
|
||||
|
Loading…
Reference in New Issue
Block a user