Perl script attached which I made to take this !reject formatted list of bleeding tor nodes and reformat it into a mega-long ExcludeNodes line and put it at the end of my exit node's torrc. My tor daemon did not bomb or complain upon seeing the line.
Hopefully that is the right way to use that !rejects list for relay operators who want to do the best thing?
Hi,
(again a Disclaimer: I am not a Tor dev/guru and might be talking bullsh*t.)
Tor circuits (a "way" through the Tor network) and thus nodes are entirely chosen by clients based on the consensus given by dirauths (see my earlier post). The ExcludeNodes statement you use basically instructs the Tor *client* part not to use the specified nodes in their circuits.
If you run a relay, you don't have to undertake any action because of Heartbleed except rotating your keys (deleting all keys in DataDir/keys), updating OpenSSL and restarting Tor. (Moritz Bartl sent an E-Mail to tor-relays explaining all this in great detail on 4/8/2014: "Relays vulnerable to OpenSSL bug: Please upgrade")
tl;dr: ExcludeNodes does not work and is not needed for relay operators.
On 04/18/2014 12:56 AM, tor@t-3.net wrote:
> Perl script attached which I made to take this !reject formatted list of bleeding tor nodes and reformat it into a mega-long ExcludeNodes line and put it at the end of my exit node's torrc. My tor daemon did not bomb or complain upon seeing the line.
> Hopefully that is the right way to use that !rejects list for relay operators who want to do the best thing?
On Fri, Apr 18, 2014 at 01:40:17AM +0200, Tobias Markus wrote:
> Tor circuits (a "way" through the Tor network) and thus nodes are entirely chosen by clients based on the consensus given by dirauths (see my earlier post). The ExcludeNodes statement you use basically instructs the Tor *client* part not to use the specified nodes in their circuits.
> If you run a relay, you don't have to undertake any action because of Heartbleed except rotating your keys (deleting all keys in DataDir/keys), updating OpenSSL and restarting Tor. (Moritz Bartl sent an E-Mail to tor-relays explaining all this in great detail on 4/8/2014: "Relays vulnerable to OpenSSL bug: Please upgrade")
Correct.
--Roger
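The relay-side steps described by Tobias and confirmed above, as an added shell example that is not part of the original thread: it flags an ExcludeNodes line in a relay's torrc and deletes the key files under DataDirectory/keys. The torrc path passed in is an assumption, and tor is assumed to be stopped with OpenSSL already upgraded before the keys are removed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the torrc path is supplied
# by the caller, tor is stopped, and OpenSSL has already been upgraded.

# Print the value from the last line that sets OPTION (names are case-insensitive).
torrc_get() {  # usage: torrc_get TORRC OPTION
    awk -v opt="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(opt) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }' "$1"
}

# Succeeds when the torrc configures a relay (ORPort set to something other than 0).
is_relay() {
    port=$(torrc_get "$1" ORPort)
    [ -n "$port" ] && [ "$port" != "0" ]
}

# Returns 1 if a relay torrc carries ExcludeNodes: the option only steers
# circuits this instance builds as a client, so it is not needed on a relay.
check_excludenodes() {
    if is_relay "$1" && [ -n "$(torrc_get "$1" ExcludeNodes)" ]; then
        echo "ExcludeNodes set on a relay: client-side only, not needed"
        return 1
    fi
    return 0
}

# Delete every key file in DataDirectory/keys so tor generates fresh keys on
# its next start. Prints the number of files removed.
rotate_relay_keys() {
    datadir=$(torrc_get "$1" DataDirectory)
    [ -n "$datadir" ] && [ -d "$datadir/keys" ] || { echo "no keys dir" >&2; return 2; }
    count=0
    for f in "$datadir"/keys/*; do
        [ -f "$f" ] || continue
        rm -f -- "$f" && count=$((count + 1))
    done
    echo "$count"
}
```

Restart tor after `rotate_relay_keys` so the relay comes back with newly generated keys.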
I want to set up a Tor relay, but know nothing. Got a minute to read a page of questions?
On Thursday, April 17, 2014 10:27:31 PM, Roger Dingledine arma@mit.edu wrote:
> On Fri, Apr 18, 2014 at 01:40:17AM +0200, Tobias Markus wrote:
>> Tor circuits (a "way" through the Tor network) and thus nodes are entirely chosen by clients based on the consensus given by dirauths (see my earlier post). The ExcludeNodes statement you use basically instructs the Tor *client* part not to use the specified nodes in their circuits.
>> If you run a relay, you don't have to undertake any action because of Heartbleed except rotating your keys (deleting all keys in DataDir/keys), updating OpenSSL and restarting Tor. (Moritz Bartl sent an E-Mail to tor-relays explaining all this in great detail on 4/8/2014: "Relays vulnerable to OpenSSL bug: Please upgrade")
> Correct.
> --Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays