Version 10 (modified by asn, 21 months ago) (diff)


Intro to Next Gen Onion Services

Tor now supports the next-generation onion services protocol for clients and services! As part of this release, the core of proposal 224 has been implemented and is available for experimentation and testing by our users. This newer version of onion services ("v3") features many improvements over the legacy system, including:

  1. Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
  2. Improved directory protocol, leaking much less information to directory servers.
  3. Improved directory protocol, with smaller surface for targeted attacks.
  4. Better onion address security against impersonation.
  5. More extensible introduction/rendezvous protocol.
  6. A cleaner and more modular codebase.

You can identify a next-generation onion address by its length: they are 56 characters long, as in `4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion`.

The specification for next gen onion services can be found here:

Current state

In alpha testing phase.

In the future, we will release more options and features for v3 onion services, but we first need a testing period, so that the current codebase matures and becomes more robust. Planned features include: offline keys, advanced client authorization, improved guard algorithms, and statistics. For full details, see proposal 224.

Example prop224 services

You will need a Tor browser running tor- to visit these:

  • Riseup: vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion
  • ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion

(Also never trust onions you read on a wiki)

How to connect to test hub

Compile Tor from source:

$ git clone

and then build it using ./ && ./configure && make.

Setup a basic torrc for your Tor client

Try this one (adapt it to your filesystem):

SocksPort 9008
RunAsDaemon 0
SafeLogging 0
DataDirectory /home/user/tmp/tor
Log notice stdout
Log notice file /home/user/tmp/hsclient/tor.log
Log info file  /home/user/tmp/hsclient/torinfo.log

Setup a socat tunnel to the prop224 testing hub

I use this command:

`$ socat TCP4-LISTEN:4250,bind=localhost,fork,reuseaddr SOCKS4A:localhost:gff4ixq3takworeuhkubzz4xh2ulytoct4xrpazkiykhupalqlo53ryd.onion:6697,socksport=9008`

Connect to the testing hub IRC channel

Start up your IRC client (in this case irssi) and point it to the tunnel we opened above:

`/server -ssl localhost 4250`

`/join #prop224`

Sit back and enjoy!

If you made it this far the next step is to relax and enjoy this new Internet experience.  Also monitor your log files to see if any warnings or bugs appeared. If we see your client misbehaving we might ask you to give us some logs etc. If any other tests are required we will notify you through the IRC testing hub.

How to setup your own prop224 service


Attachments (3)

Download all attachments as: .zip