]> git.ipfire.org Git - thirdparty/tor.git/commitdiff
projects / thirdparty / tor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0ee13dc)
Change the default for DynamicDHGroups to 0
authorNick Mathewson <nickm@torproject.org>
Wed, 6 Jun 2012 16:00:04 +0000 (12:00 -0400)
committerNick Mathewson <nickm@torproject.org>
Wed, 6 Jun 2012 16:00:04 +0000 (12:00 -0400)
This feature can make Tor relays less identifiable by their use of the
mod_ssl DH group, but at the cost of some usability (#4721) and bridge
tracing (#6087) regressions.

We should try to turn this on by default again if we find that the
mod_ssl group is uncommon and/or we move to a different DH group size
(see #6088).  Before we can do so, we need a fix for bugs #6087 and

Resolves ticket #5598 for now.

changes/bug5598 [new file with mode: 0644] patch | blob
doc/tor.1.txt patch | blob | blame | history
src/or/config.c patch | blob | blame | history

diff --git a/changes/bug5598 b/changes/bug5598
new file mode 100644 (file)
index 0000000..e8e6741
--- /dev/null
+++ b/changes/bug5598
@@ -0,0 +1,5 @@
+  o Changed defaults:
+    - Change the default value for DynamicDHGroups to 0. This feature can
+      make Tor relays less identifiable by their use of the mod_ssl DH
+      group, but at the cost of some usability (#4721) and bridge tracing
+      (#6087) regressions. Resolves ticket #5598.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 00371c380ad3b30d62a689b6e0032e02b694a18c..f5e5b86c2922f13ba59aba026043ebe9de7748d8 100644 (file)
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -266,7 +266,7 @@ Other options can be specified either on the command-line (--option
     If this option is set to 1, when running as a server, generate our
     own Diffie-Hellman group instead of using the one from Apache's mod_ssl.
     This option may help circumvent censorship based on static
-    Diffie-Hellman parameters. (Default: 1).
+    Diffie-Hellman parameters. (Default: 0).
 
 **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
 
diff --git a/src/or/config.c b/src/or/config.c
index 090d96c155cec728daad2f845d225dd3ab9e53ba..cf6ae84b1af2d760db9b2c16b8471792f3095b94 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -257,7 +257,7 @@ static config_var_t _option_vars[] = {
   V(DisableAllSwap,              BOOL,     "0"),
   V(DisableDebuggerAttachment,   BOOL,     "1"),
   V(DisableIOCP,                 BOOL,     "1"),
-  V(DynamicDHGroups,             BOOL,     "1"),
+  V(DynamicDHGroups,             BOOL,     "0"),
   V(DNSPort,                     LINELIST, NULL),
   V(DNSListenAddress,            LINELIST, NULL),
   V(DownloadExtraInfo,           BOOL,     "0"),
Mirror of https://git.torproject.org/tor.git