Opened 10 years ago

Closed 10 years ago

Last modified 8 years ago

#2156 closed task (fixed)

Time to abandon Tor 0.1.2.x?

Reported by: Sebastian Owned by:
Priority: Medium Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I just tested an old Tor, and it doesn't work as a client anymore (it can't bootstrap due to not having enough trusted directories available). We also have just three relays on left, none of which are very big. If we finally manage to declare 0.1.2.x dead, we can drop a lot of old compatibility code from Tor in an 0.2.3.x timeframe. Are there reasons why we should not do this?

Child Tickets

Change History (7)

comment:1 Changed 10 years ago by arma

We already don't recommend it in the recommended-versions lists.

I think it's pretty much dead, yes.

(This is kind of a shame, since last June in Iran half the people there were using Tor 0.1.x.y Tor clients; but time marches on, and I hope they've upgraded by now.)

Were you thinking to have the Tor directory authorities reject relay descriptors from anybody before 0.2.0.x? Or just to have us remove code that supports clients on 0.1.2.x since they won't be working anyway?

comment:2 Changed 10 years ago by Sebastian

I was thinking that while fixing #2081 I would also bump the min required version to 0.2.0.x

comment:3 Changed 10 years ago by arma

The main reason to abandon 0.1.2.x as relays is because they're caching the wrong directory information. I guess we could do the small step of taking away their DirPort, which would solve that issue. But I'm fine taking the bigger step too.

comment:4 Changed 10 years ago by nickm

Milestone: Tor: 0.2.3.x-final

comment:5 Changed 10 years ago by arma

Given the experience we just gained in #2081, I think we should avoid locking out versions of Tor which still mostly work. The main reason to lock out Tor 0.1.2.x as relay is that it caches the wrong directory stuff. So let's identify the first 0.2.0.x version that caches the right directory stuff, and go with that. is where we did

    - Use new V3 directory authority keys on the tor26, gabelmoo, and
      moria1 V3 directory authorities. The old keys were generated with
      a vulnerable version of Debian's OpenSSL package, and must be
      considered compromised. Other authorities' keys were not generated
      with an affected version of OpenSSL.

So "lock out anything older than" would be my choice.

comment:6 Changed 10 years ago by nickm

Resolution: fixed
Status: newclosed

ok, done in 5efe6f04c68debe6ef9307d0ed98f67ed5ca5f46

comment:7 Changed 8 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.