Re: [tor-dev] Preferred OpenSSL config for Tor?

2014-09-16 Thread Zack Weinberg
On Tue, Sep 16, 2014 at 11:08 AM, Steve Snyder wrote: > What are the recommended build options for OpenSSL 1.0.1x when building it > for use with Tor v0.2.5.x? Assuming you're on an x86-64 machine and have a reasonably recent GCC (4.6 should do), as a starting point, this is how I build OpenSSL

[tor-dev] Preferred OpenSSL config for Tor?

2014-09-16 Thread Steve Snyder
What are the recommended build options for OpenSSL 1.0.1x when building it for use with Tor v0.2.5.x? Put another way, what default OpenSSL features (ciphers, etc.) should be disabled and what optional features should be enabled? My goal here is to build a Tor-oriented OpenSSL, one that dispens

Re: [tor-dev] Guardiness: Yet another external dirauth script

2014-09-16 Thread Damian Johnson
> - Q: Why do you slow stem instead of parsing consensuses with Python on your > own? > > This is another part where I might have taken the wrong design > decision, but I decided to not get into the consensus parsing business > and just rely on stem. > > This is also because I was hoping to use st

Re: [tor-dev] Guardiness: Yet another external dirauth script

2014-09-16 Thread Sebastian Hahn
On 16 Sep 2014, at 16:15, George Kadianakis wrote: > How guardiness works > The idea was that the guardiness script will be an external script > that is run by Tor in a similar fashion to the bandwidth auth > scripts. We chose that because we could write the script in a > high-level langu

[tor-dev] Guardiness: Yet another external dirauth script

2014-09-16 Thread George Kadianakis
==Guardiness: Yet another external dirauth script== Introduction One well-known problem with Tor relays, is that Guards will suffer a big loss of traffic as soon as they get the Guard flag. This happens because clients pick guards every 2-3 months, so young guards will not get picked by o

Re: [tor-dev] Call for a big fast bridge (to be the meek backend)

2014-09-16 Thread Ximin Luo
On 16/09/14 03:12, David Fifield wrote: > The meek pluggable transport is currently running on the bridge I run, > which also happens to be the backend bridge for flash proxy. I'd like to > move it to a fast relay run by an experienced operator. I want to do > this both to diffuse trust, so that I

[tor-dev] Transparent Proxy: how does it work?

2014-09-16 Thread CJ
Hello dear torrorists :) I'm wanting to do some weird things with iptables in order to force some connections through Tor's TransProxy, but before that I have an interrogation on its internals: How does it detect if we're wanting to use, let's say, SMTP over Tor? Is there any kind of sniffer that