Opened 4 years ago

Last modified 6 weeks ago

#9476 new task

Completely drop support for Tor 0.2.2.x

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-relay, tor-dirauth, needs-analysis
Cc: starlight.2015q2@… Actual Points:
Parent ID: Points: medium/large
Reviewer: Sponsor:

Description

We should remove 0.2.2.x from the recommended version list.

We should stop accepting Tor 0.2.2.x nodes in the network: that release series is completely unsupported.

Finally dropping 0.2.2.x will let us start deprecating things that we'd like to throw away, like the renegotiation-based handshake.

Child Tickets

TicketStatusOwnerSummaryComponent
#11149closedStop listing relays that run Tor 0.2.2Core Tor/Tor
#11150closedTvdWRemove client code for connecting to and using 0.2.2 serversCore Tor/Tor
#11151newDrop support for 0.2.2 clientsCore Tor/Tor
#15212closedLog link protocol version counts as part of heartbeatCore Tor/Tor
#15233closednickmForm a plan for killing off 0.2.2 and 0.2.3Core Tor/Tor
#15760closedtortls.c fails to compile with OpenSSL 1.1.0-devCore Tor/Tor

Change History (44)

comment:1 Changed 4 years ago by atagar

Shall we reach out to relays with contact information to ask them to upgrade? I'd be willing to do this.

comment:2 Changed 4 years ago by nickm

I'd suggest that once 0.2.4.x is stable, that's the time to ask them to try 0.2.3.x or 0.2.4.x. Alternatively, a good question to ask them would be whether anything is preventing them from upgrading: Maybe there's some showstopper for some relays moving to 0.2.3.x that nobody tols us about?

comment:3 Changed 4 years ago by atagar

I would be truly surprised if it was due to any showstoppers, especially anything they didn't already file a ticket for. Ping me when you'd like me to contact folks.

comment:4 Changed 4 years ago by nickm

Okay, I think it's a fine time to contact these folks and ask them to upgrade to 0.2.4.x.

Also, let's remove 0.2.2.x from the recommended-versions lists.

comment:5 Changed 4 years ago by atagar

Hi Nick, relay operators notified...

  • 685 relays are running the 0.2.2.x series
  • 274 had contact information
  • 215 people emailed, of the rest 34 had rubbish contact information and 25 immediately bounced

Here's the script I threw together to get the relays...

from stem.descriptor.remote import DescriptorDownloader
from stem.version import Version

downloader = DescriptorDownloader()
count, with_contact = 0, 0

print "Checking for outdated relays..."
print

for desc in downloader.get_server_descriptors():
  if desc.tor_version < Version('0.2.3.0'):
    count += 1

    if desc.contact:
      print '  %-15s %s' % (desc.tor_version, desc.contact.decode("utf-8", "replace"))
      with_contact += 1

print
print "%i outdated relays found, %i had contact information" % (count, with_contact)

Unfortunately more time went toward manually un-obfuscating addresses (~60-90 minutes).

Cheers! -Damian

comment:6 Changed 4 years ago by atagar

One operator replied that Tor 0.2.2.x is part of the repositories for the latest Ubuntu LTS release (12.04). I'm not sure if 0.2.3.x is in the backports but, if not, it probably should be. Iirc ioerror offered to be our maintainer for Ubuntu.

comment:7 Changed 4 years ago by ZorbaTHut

I'm in the same Ubuntu LTS boat - I'll update to 0.2.3.x as soon as it's available through the Ubuntu 12.04 packages. I'd recommend not kicking 0.2.2.x nodes off the network until an update is available through Ubuntu, as I suspect there are a lot of people with the same situation.

comment:8 Changed 4 years ago by PimpMyRide

On Debian, I know there is a new release but this is still supported (I think?):
# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 6.0.7 (squeeze)
Release: 6.0.7
Codename: squeeze

# apt-cache show tor
Package: tor
Priority: optional
Section: net
Installed-Size: 2272
Maintainer: Peter Palfrader <weasel@…>
Architecture: amd64
Version: 0.2.2.39-1

comment:9 Changed 4 years ago by Jesse V.

It's nice to see that there's a ticket on this.

I've slowly been sending out some emails to 0.2.2.x operators manually. From what I've seen so far, it looks like most users are running that version because that's what's in the Debian/Ubuntu LTS repositories. Once linked to the page that points out how to add Tor's repos to their sources, the ones that got back to me were happy to upgrade.

From my perspective, I'm more concerned about cryptographic and Tor-level attacks, rather than old code, but I can see that dropping support would certainly be helpful for you devs.

comment:10 Changed 4 years ago by nickm

0.2.2.x nodes currently account for 2.7% of the nodes by bandwidth weight; and 5.8% by raw count.

We should at the very least remove it from the recommended list in the consensus.

We should also be trying to get people to move to 0.2.4 if possible.

Last edited 4 years ago by nickm (previous) (diff)

comment:11 Changed 4 years ago by nickm

I talked with weasel about this, and came up with this tentative plan:

  • Now -- remove 0.2.2 from recommended-versions
  • Some time over the next month -- stop accepting 0.2.2 servers in the consensus.
  • Around June, once debian squeeze hits EOL -- consider which features if any we no long need to support in Tor.
Last edited 4 years ago by nickm (previous) (diff)

comment:12 Changed 4 years ago by nickm

I think in 0.2.5, we can stop accepting 0.2.2 servers for the consensus this month.

For 0.2.5, we should also remove client support for talking to 0.2.2 servers: won't it be nice to finally get rid of the client-side renegotiation code?

Dumping server support for 0.2.2 clients can wait till squeeze EOL.

comment:13 Changed 4 years ago by nickm

Milestone: Tor: 0.2.5.x-finalTor: 0.2.6.x-final

(Just added those three as child tickets.)

comment:14 Changed 4 years ago by Jesse V.

I've been watching Tor Metrics to see what impact the OpenSSL "Heartbleed" vulnerability was having on the Tor network as a whole, if any. Among other things, I've noticed that the number of 0.2.2 relays has almost dropped to zero. From the graph it looks like it's less than a dozen or so. I say that now is a great time to drop support if it's doable.

See https://metrics.torproject.org/network.html

comment:15 Changed 3 years ago by nickm

Keywords: 026-triaged-1 added

comment:16 Changed 3 years ago by nickm

Keywords: unfrozen added

comment:17 Changed 3 years ago by nickm

Milestone: Tor: 0.2.6.x-finalTor: 0.2.7.x-final

Being a coward, pushing to 0.2.7. We need to figure out the issue with the handful of remaining zombie 0.2.2 clients turning from slow zombies into fast zombies when the network stops supporting them.

comment:18 Changed 3 years ago by nickm

Status: newassigned

comment:19 Changed 3 years ago by nickm

Keywords: 027-triaged-1-out added

Marking triaged-out items from first round of 0.2.7 triage.

comment:20 Changed 3 years ago by nickm

Milestone: Tor: 0.2.7.x-finalTor: 0.2.???

Make all non-needs_review, non-needs_revision, 027-triaged-1-out items belong to 0.2.???

comment:21 Changed 2 years ago by teor

Parent ID: #15940

comment:22 Changed 2 years ago by teor

Type: defecttask

comment:23 Changed 2 years ago by starlight

Cc: starlight.2015q2@… added

comment:24 Changed 2 years ago by nickm

Milestone: Tor: 0.2.???Tor: 0.2.8.x-final

comment:25 Changed 2 years ago by nickm

Points: medium/large

comment:26 Changed 22 months ago by nickm

Milestone: Tor: 0.2.8.x-finalTor: 0.2.9.x-final
Severity: Normal

Our current best guesses suggest that we can start doing this in 0.2.8, but we can't finish.

comment:27 Changed 19 months ago by nickm

Priority: HighMedium

comment:28 Changed 19 months ago by isabela

Milestone: Tor: 0.2.9.x-finalTor: 0.2.???

tickets market to be removed from milestone 029

comment:29 Changed 14 months ago by yawning

0.2.2.x clients apparently shit themselves on bootstrap (See: #19939).

comment:30 in reply to:  29 Changed 14 months ago by arma

Replying to yawning:

0.2.2.x clients apparently shit themselves on bootstrap (See: #19939).

Agreed. But I think that's just because dizum is busted currently. Once it's back, I expect those clients to resume working (for whatever terrible definition of 'working' it will be).

comment:31 Changed 11 months ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:32 Changed 10 months ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:33 in reply to:  12 Changed 5 months ago by arma

Replying to nickm:

Dumping server support for 0.2.2 clients can wait till squeeze EOL.

I hear squeeze has reached (and exceeded) eol.

comment:34 Changed 5 months ago by nickm

Right; the remaining problem here is the prospect of "fast zombies" per proposal 266. (I know you know; noting this here so others see it.)

Last edited 5 months ago by nickm (previous) (diff)

comment:35 Changed 5 months ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:36 Changed 5 months ago by nickm

Keywords: 027-triaged-in added

comment:37 Changed 5 months ago by nickm

Keywords: 027-triaged-in removed

comment:38 Changed 5 months ago by nickm

Keywords: 027-triaged-1-out removed

comment:39 Changed 5 months ago by nickm

Keywords: 026-triaged-1 removed

comment:40 Changed 5 months ago by dgoulet

Keywords: tor-dirauth added; tor-auth removed

Turns out that tor-auth is for directory authority so make it clearer with tor-dirauth

comment:41 Changed 5 months ago by nickm

Status: assignednew

Change the status of all assigned/accepted Tor tickets with owner="" to "new".

comment:42 Changed 5 months ago by nickm

Keywords: needs-analysis added; unfrozen removed

comment:43 Changed 4 months ago by teor

Tor versions older than 0.2.4.26 or 0.2.5.11 no longer believe enough current directory authorities to bootstrap:
https://trac.torproject.org/projects/tor/ticket/22251#comment:5

comment:44 Changed 6 weeks ago by nickm

Parent ID: #15940
Note: See TracTickets for help on using tickets.