Opened 4 years ago

Last modified 4 months ago

#9476 assigned task

Completely drop support for Tor 0.2.2.x

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-relay, tor-auth, 026-triaged-1, unfrozen, 027-triaged-1-out, tor-03-unspecified-201612
Cc: starlight.2015q2@… Actual Points:
Parent ID: #15940 Points: medium/large
Reviewer: Sponsor:

Description

We should remove 0.2.2.x from the recommended version list.

We should stop accepting Tor 0.2.2.x nodes in the network: that release series is completely unsupported.

Finally dropping 0.2.2.x will let us start deprecating things that we'd like to throw away, like the renegotiation-based handshake.

Child Tickets

TicketSummaryOwner
#11149Stop listing relays that run Tor 0.2.2
#11150Remove client code for connecting to and using 0.2.2 serversTvdW
#11151Drop support for 0.2.2 clients
#15212Log link protocol version counts as part of heartbeat
#15233Form a plan for killing off 0.2.2 and 0.2.3nickm
#15760tortls.c fails to compile with OpenSSL 1.1.0-dev

Change History (32)

comment:1 Changed 4 years ago by atagar

Shall we reach out to relays with contact information to ask them to upgrade? I'd be willing to do this.

comment:2 Changed 4 years ago by nickm

I'd suggest that once 0.2.4.x is stable, that's the time to ask them to try 0.2.3.x or 0.2.4.x. Alternatively, a good question to ask them would be whether anything is preventing them from upgrading: Maybe there's some showstopper for some relays moving to 0.2.3.x that nobody tols us about?

comment:3 Changed 4 years ago by atagar

I would be truly surprised if it was due to any showstoppers, especially anything they didn't already file a ticket for. Ping me when you'd like me to contact folks.

comment:4 Changed 4 years ago by nickm

Okay, I think it's a fine time to contact these folks and ask them to upgrade to 0.2.4.x.

Also, let's remove 0.2.2.x from the recommended-versions lists.

comment:5 Changed 4 years ago by atagar

Hi Nick, relay operators notified...

  • 685 relays are running the 0.2.2.x series
  • 274 had contact information
  • 215 people emailed, of the rest 34 had rubbish contact information and 25 immediately bounced

Here's the script I threw together to get the relays...

from stem.descriptor.remote import DescriptorDownloader
from stem.version import Version

downloader = DescriptorDownloader()
count, with_contact = 0, 0

print "Checking for outdated relays..."
print

for desc in downloader.get_server_descriptors():
  if desc.tor_version < Version('0.2.3.0'):
    count += 1

    if desc.contact:
      print '  %-15s %s' % (desc.tor_version, desc.contact.decode("utf-8", "replace"))
      with_contact += 1

print
print "%i outdated relays found, %i had contact information" % (count, with_contact)

Unfortunately more time went toward manually un-obfuscating addresses (~60-90 minutes).

Cheers! -Damian

comment:6 Changed 4 years ago by atagar

One operator replied that Tor 0.2.2.x is part of the repositories for the latest Ubuntu LTS release (12.04). I'm not sure if 0.2.3.x is in the backports but, if not, it probably should be. Iirc ioerror offered to be our maintainer for Ubuntu.

comment:7 Changed 4 years ago by ZorbaTHut

I'm in the same Ubuntu LTS boat - I'll update to 0.2.3.x as soon as it's available through the Ubuntu 12.04 packages. I'd recommend not kicking 0.2.2.x nodes off the network until an update is available through Ubuntu, as I suspect there are a lot of people with the same situation.

comment:8 Changed 4 years ago by PimpMyRide

On Debian, I know there is a new release but this is still supported (I think?):
# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 6.0.7 (squeeze)
Release: 6.0.7
Codename: squeeze

# apt-cache show tor
Package: tor
Priority: optional
Section: net
Installed-Size: 2272
Maintainer: Peter Palfrader <weasel@…>
Architecture: amd64
Version: 0.2.2.39-1

comment:9 Changed 3 years ago by Jesse V.

It's nice to see that there's a ticket on this.

I've slowly been sending out some emails to 0.2.2.x operators manually. From what I've seen so far, it looks like most users are running that version because that's what's in the Debian/Ubuntu LTS repositories. Once linked to the page that points out how to add Tor's repos to their sources, the ones that got back to me were happy to upgrade.

From my perspective, I'm more concerned about cryptographic and Tor-level attacks, rather than old code, but I can see that dropping support would certainly be helpful for you devs.

comment:10 Changed 3 years ago by nickm

0.2.2.x nodes currently account for 2.7% of the nodes by bandwidth weight; and 5.8% by raw count.

We should at the very least remove it from the recommended list in the consensus.

We should also be trying to get people to move to 0.2.4 if possible.

Last edited 3 years ago by nickm (previous) (diff)

comment:11 Changed 3 years ago by nickm

I talked with weasel about this, and came up with this tentative plan:

  • Now -- remove 0.2.2 from recommended-versions
  • Some time over the next month -- stop accepting 0.2.2 servers in the consensus.
  • Around June, once debian squeeze hits EOL -- consider which features if any we no long need to support in Tor.
Last edited 3 years ago by nickm (previous) (diff)

comment:12 Changed 3 years ago by nickm

I think in 0.2.5, we can stop accepting 0.2.2 servers for the consensus this month.

For 0.2.5, we should also remove client support for talking to 0.2.2 servers: won't it be nice to finally get rid of the client-side renegotiation code?

Dumping server support for 0.2.2 clients can wait till squeeze EOL.

comment:13 Changed 3 years ago by nickm

  • Milestone changed from Tor: 0.2.5.x-final to Tor: 0.2.6.x-final

(Just added those three as child tickets.)

comment:14 Changed 3 years ago by Jesse V.

I've been watching Tor Metrics to see what impact the OpenSSL "Heartbleed" vulnerability was having on the Tor network as a whole, if any. Among other things, I've noticed that the number of 0.2.2 relays has almost dropped to zero. From the graph it looks like it's less than a dozen or so. I say that now is a great time to drop support if it's doable.

See https://metrics.torproject.org/network.html

comment:15 Changed 3 years ago by nickm

  • Keywords 026-triaged-1 added

comment:16 Changed 2 years ago by nickm

  • Keywords unfrozen added

comment:17 Changed 2 years ago by nickm

  • Milestone changed from Tor: 0.2.6.x-final to Tor: 0.2.7.x-final

Being a coward, pushing to 0.2.7. We need to figure out the issue with the handful of remaining zombie 0.2.2 clients turning from slow zombies into fast zombies when the network stops supporting them.

comment:18 Changed 2 years ago by nickm

  • Status changed from new to assigned

comment:19 Changed 2 years ago by nickm

  • Keywords 027-triaged-1-out added

Marking triaged-out items from first round of 0.2.7 triage.

comment:20 Changed 2 years ago by nickm

  • Milestone changed from Tor: 0.2.7.x-final to Tor: 0.2.???

Make all non-needs_review, non-needs_revision, 027-triaged-1-out items belong to 0.2.???

comment:21 Changed 2 years ago by teor

  • Parent ID set to #15940

comment:22 Changed 2 years ago by teor

  • Type changed from defect to task

comment:23 Changed 21 months ago by starlight

  • Cc starlight.2015q2@… added

comment:24 Changed 19 months ago by nickm

  • Milestone changed from Tor: 0.2.??? to Tor: 0.2.8.x-final

comment:25 Changed 19 months ago by nickm

  • Points set to medium/large

comment:26 Changed 16 months ago by nickm

  • Milestone changed from Tor: 0.2.8.x-final to Tor: 0.2.9.x-final
  • Severity set to Normal

Our current best guesses suggest that we can start doing this in 0.2.8, but we can't finish.

comment:27 Changed 13 months ago by nickm

  • Priority changed from High to Medium

comment:28 Changed 13 months ago by isabela

  • Milestone changed from Tor: 0.2.9.x-final to Tor: 0.2.???

tickets market to be removed from milestone 029

comment:29 follow-up: Changed 8 months ago by yawning

0.2.2.x clients apparently shit themselves on bootstrap (See: #19939).

comment:30 in reply to: ↑ 29 Changed 8 months ago by arma

Replying to yawning:

0.2.2.x clients apparently shit themselves on bootstrap (See: #19939).

Agreed. But I think that's just because dizum is busted currently. Once it's back, I expect those clients to resume working (for whatever terrible definition of 'working' it will be).

comment:31 Changed 6 months ago by teor

  • Milestone changed from Tor: 0.2.??? to Tor: 0.3.???

Milestone renamed

comment:32 Changed 4 months ago by nickm

  • Keywords tor-03-unspecified-201612 added
  • Milestone changed from Tor: 0.3.??? to Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

Note: See TracTickets for help on using tickets.