
r14379@tombo: nickm | 2008-02-21 17:14:24 -0500
Enable v2 handshakes.


svn:r13666

Nick Mathewson 16 years ago
parent
commit
b21a122ef6
3 changed files with 12 additions and 7 deletions
  1. 8 0
      ChangeLog
  2. 0 5
      doc/spec/proposals/130-v2-conn-protocol.txt
  3. 4 2
      src/common/tortls.c

+ 8 - 0
ChangeLog

@@ -5,6 +5,14 @@ Changes in version 0.2.0.20-?? - 2008-02-??
       for bridge users. Also do this for people who set StrictEntryNodes.
     - When a TrackHostExits-chosen exit fails too many times in a row,
       stop using it.  Bugfix on 0.1.2.x.  Fixes bug 437.
+    - Enable the revised TLS handshake based on the one designed by
+      Steven Murdoch in proposal 124, as revised in proposal 130.  It
+      includes version negotiation for OR connections as described in
+      proposal 105.  The new handshake is meant to be harder for
+      censors to fingerprint, and it adds the ability to detect
+      certain kinds of man-in-the-middle traffic analysis attacks.
+      The version negotiation feature will allow us to improve Tor's
+      link protocol more safely in the future.
 
   o Major bugfixes:
     - Resolved problems with (re-)fetching hidden service descriptors.
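Review bot: The new entry is appended directly after items that read as fixes ("Bugfix on 0.1.2.x. Fixes bug 437."), and the section heading is outside this hunk, so please confirm it lands under a features heading rather than a bugfix one. The phrase "certain kinds of man-in-the-middle traffic analysis attacks" is vague for a changelog reader; a pointer to the relevant section of proposal 130 would let operators see what is and is not detected. The entry also does not say that both the client and the server side are switched on, or what happens when the peer does not speak the new handshake, which is what an operator upgrading a relay will want to know.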

+ 0 - 5
doc/spec/proposals/130-v2-conn-protocol.txt

@@ -17,7 +17,6 @@ Overview:
        Proposal 124: Blocking resistant TLS certificate usage
     It refers to aspects of:
        Proposal 105: Version negotiation for the Tor protocol
-       Proposal 110: Avoid infinite length circuits
 
 
   In summary, The Tor connection protocol has been in need of a redesign
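Review bot: Dropping "Proposal 110: Avoid infinite length circuits" from the reference list is a spec-scope change that the commit message ("Enable v2 handshakes.") does not mention. Either note it in the message or split it into its own commit, so that someone tracing when proposal 130 stopped depending on proposal 110 can find it.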
@@ -183,8 +182,4 @@ Proposal:
    as in proposal 105, and communications begin as per tor-spec.txt.
    Until NETINFO cells have been exchanged, the connection is not open.
 
-   RELAY_EARLY cells are accepted as in proposal 110, and treated as
-   RELAY cells except that they are relayed as RELAY_EARLY if the next
-   host in the circuit has negotiated v2 or later; otherwise, not.
-   Command value 9 is used for RELAY_EARLY.
 
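Review bot: The removed paragraph was the only place in this proposal that assigned "Command value 9" to RELAY_EARLY and tied its relaying to whether the next host "has negotiated v2 or later"; after this hunk the proposal is silent on it. A one-line note saying that RELAY_EARLY is handled in proposal 110 and is not part of this protocol version would keep implementers from assuming command 9 is still covered here. The hunk also leaves two consecutive blank lines at the end of the section.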

+ 4 - 2
src/common/tortls.c

@@ -42,8 +42,10 @@ const char tortls_c_id[] =
 #include "ht.h"
 #include <string.h>
 
-// #define V2_HANDSHAKE_SERVER
-// #define V2_HANDSHAKE_CLIENT
+/* Enable the "v2" TLS handshake.
+ */
+#define V2_HANDSHAKE_SERVER
+#define V2_HANDSHAKE_CLIENT
 
 /* Copied from or.h */
 #define LEGAL_NICKNAME_CHARACTERS \
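Review bot: The new comment above the two defines says only 'Enable the "v2" TLS handshake.' and wraps its closing " */" onto a separate line; it should say what V2_HANDSHAKE_SERVER and V2_HANDSHAKE_CLIENT each gate and point to proposal 130, since the two sides can be toggled independently. Because the macros are now defined unconditionally in the source, turning either side off again means editing tortls.c; wrapping them in #ifndef guards, or documenting that they are not meant to be disabled, would make the intent clear.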