diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-06-06 12:00:04 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-06-06 12:00:04 -0400 |
| commit | 8a341cc429879e642862cb16a9de5da889867020 (patch) | |
| tree | 68e525c161ea8bee13c65c1c864055b60ca89a99 | |
| parent | 0ee13dc287320c0b1aeffb0854534ee1d8b561b2 (diff) | |
| download | tor-8a341cc429879e642862cb16a9de5da889867020.tar tor-8a341cc429879e642862cb16a9de5da889867020.tar.gz | |
Change the default for DynamicDHGroups to 0
This feature can make Tor relays less identifiable by their use of the
mod_ssl DH group, but at the cost of some usability (#4721) and bridge
tracing (#6087) regressions.
We should try to turn this on by default again if we find that the
mod_ssl group is uncommon and/or we move to a different DH group size
(see #6088). Before we can do so, we need a fix for bugs #6087 and
Resolves ticket #5598 for now.
| -rw-r--r-- | changes/bug5598 | 5 | ||||
| -rw-r--r-- | doc/tor.1.txt | 2 | ||||
| -rw-r--r-- | src/or/config.c | 2 |
3 files changed, 7 insertions, 2 deletions
diff --git a/changes/bug5598 b/changes/bug5598 new file mode 100644 index 000000000..e8e67415b --- /dev/null +++ b/changes/bug5598 @@ -0,0 +1,5 @@ + o Changed defaults: + - Change the default value for DynamicDHGroups to 0. This feature can + make Tor relays less identifiable by their use of the mod_ssl DH + group, but at the cost of some usability (#4721) and bridge tracing + (#6087) regressions. Resolves ticket #5598. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 00371c380..f5e5b86c2 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -266,7 +266,7 @@ Other options can be specified either on the command-line (--option If this option is set to 1, when running as a server, generate our own Diffie-Hellman group instead of using the one from Apache's mod_ssl. This option may help circumvent censorship based on static - Diffie-Hellman parameters. (Default: 1). + Diffie-Hellman parameters. (Default: 0). **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ + diff --git a/src/or/config.c b/src/or/config.c index 090d96c15..cf6ae84b1 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -257,7 +257,7 @@ static config_var_t _option_vars[] = { V(DisableAllSwap, BOOL, "0"), V(DisableDebuggerAttachment, BOOL, "1"), V(DisableIOCP, BOOL, "1"), - V(DynamicDHGroups, BOOL, "1"), + V(DynamicDHGroups, BOOL, "0"), V(DNSPort, LINELIST, NULL), V(DNSListenAddress, LINELIST, NULL), V(DownloadExtraInfo, BOOL, "0"), |