Release of the New Stable Branch Tor 0.3.5
The Tor 0.3.5.7 toolkit, used for organizing the anonymous Tor network, has been officially released. Tor 0.3.5.7 is recognized as the first stable release of the 0.3.5 branch, which has been in development for the past four months. At the same time, corrective updates for previous Tor branches 0.3.4.10 and 0.3.3.11 have also been released, including accumulated bug fixes. The 0.3.5 branch will be supported as a Long-Term Support (LTS) release, with updates for core functionality provided for three years (until February 1, 2022).
Main New Features
- Client Authorization for Hidden Services: Added support for client authorization when connecting to hidden services using the third version of the onion services protocol. Authorization is implemented at the service descriptor access level: now, a hidden service can be configured so that only pre-authorized clients can decrypt the descriptor to obtain connection information. The “ClientOnionAuthDir” option has been added for clients in torrc, and the “authorized_clients/” directory is now available for services to store the list of authorized clients.
- Improved Revision Counter Generation: For hidden services based on the third version of the protocol, revision counter generation has been improved to enable service scaling by running instances of the same service on different hosts without needing to synchronize host data.
- HiddenServiceExportCircuitID Setting: A new setting, HiddenServiceExportCircuitID, is available for separating client circuits and can be specified for a hidden service using the third version of the protocol. This feature allows access to the hidden service via the HAProxy protocol to assign a virtual IP address to incoming client circuits.
- Enhanced Bandwidth Measurement Tools: Support for improved bandwidth measurement tools has been added.
- Experimental NSS Library Support: An experimental feature allows the use of Mozilla’s NSS libraries instead of OpenSSL. The --enable-nss option has been added for building with NSS.
- Codebase Reorganization: Work has begun on a complete reorganization of the Tor codebase to enhance modularity and simplify project maintenance. For example, large files are being split into smaller ones, and specific functionalities are being separated. The “common” directory has been split into a set of libraries (“lib”), files from the “or” directory have been moved to the core part (“core”), independent modules (“feature”), or applications (“app”).
- Performance Optimizations: Optimizations have been made to increase performance, reducing startup time by an average of 8%.
- Default to Onion Service Protocol v3: By default, new onion services now use the third version of the protocol. If you need to create new hidden services based on the second version of the protocol after updating, you will need to change the configuration (using the “HiddenServiceVersion 2” option). Existing services will retain their protocol version, as it is specified in the key file.
- Exit Relay Default Behavior Changed: The gateway no longer starts by default in exit node mode. If the ExitRelay parameter is set to “auto,” explicit configuration of exit traffic rules using the ExitPolicy and ReducedExitPolicy options is now required to run an exit node.
- Startup Message Overhaul: Startup messages in Tor have been reworked, which may affect compatibility with external log parsing utilities. Progress updates on retrieving data from the directory server are no longer provided until a successful connection to the gateway (relay or bridge) is established.
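For the HiddenServiceExportCircuitID item above, a backend behind the onion service can recover the per-circuit identifier from the PROXY v1 line Tor prepends to each connection and use it to spot a single circuit opening many connections. The following is an added example, not code from the Tor project; it assumes the header layout documented in the tor manual (synthetic source address under fc00:dead:beef:4dad::, circuit ID in its low 32 bits), and the function names and sample header lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Prefix Tor uses for the synthetic per-circuit source address
# (assumption taken from the tor manual, not from this article).
TOR_CIRCUIT_PREFIX = ipaddress.ip_network("fc00:dead:beef:4dad::/64")
PROXY_V1_MAX_LEN = 107  # longest legal PROXY v1 line, CRLF included


def parse_tor_proxy_header(line: bytes) -> int:
    """Return the global circuit ID carried in a Tor-written PROXY v1 line.

    Raises ValueError for anything else, so the backend can drop
    connections that did not arrive through the onion service port.
    """
    if not line.endswith(b"\r\n") or len(line) > PROXY_V1_MAX_LEN:
        raise ValueError("not a complete PROXY v1 line")
    parts = line[:-2].decode("ascii").split(" ")
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] != "TCP6":
        raise ValueError("unexpected PROXY header fields")
    src = ipaddress.IPv6Address(parts[2])  # ValueError on a malformed address
    if src not in TOR_CIRCUIT_PREFIX:
        raise ValueError("source address is outside Tor's circuit prefix")
    # The circuit ID is the low 32 bits of the synthetic source address.
    return int(src) & 0xFFFFFFFF


def noisy_circuits(headers, limit):
    """Return circuit IDs that opened more than `limit` connections."""
    counts = Counter(parse_tor_proxy_header(h) for h in headers)
    return sorted(cid for cid, n in counts.items() if n > limit)


# Constructed sample: header lines as a backend would read them, one per
# accepted connection. The first is the example line from the tor manual.
SAMPLE_HEADERS = [
    b"PROXY TCP6 fc00:dead:beef:4dad::ffff:ffff ::1 65535 42\r\n",
    b"PROXY TCP6 fc00:dead:beef:4dad::1:2 ::1 65535 80\r\n",
    b"PROXY TCP6 fc00:dead:beef:4dad::1:2 ::1 65535 80\r\n",
    b"PROXY TCP6 fc00:dead:beef:4dad::1:2 ::1 65535 80\r\n",
]

if __name__ == "__main__":
    print(noisy_circuits(SAMPLE_HEADERS, limit=2))
```

On the service side this corresponds to setting `HiddenServiceExportCircuitID haproxy` for the onion service in torrc; the backend must read and strip the header line before handing the stream to the application protocol.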