• Posted: 2014-11-01
  • Author: zzz
  • Posted in release

0.9.16 is a significant step forward in our plan to migrate from DSA to ECDSA and then EdDSA cryptographic signatures, and makes several other changes to increase your anonymity and security. Client tunnels for standard, IRC, and SOCKS IRC will use ECDSA signatures by default. In addition, we've fixed a large number of serious bugs, including console lockups.

Changes in router data structures will require i2pcontrol plugin users to update to version 0.0.9.

If you run an eepsite or a service and you are not running a recent release, or your Java or OS does not support ECDSA (as noted in the logs and on the /logs page in the console), please fix the issue as soon as possible or your users will soon be unable to connect.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.



  • Add support for stronger Router Info signatures
  • Encrypt RI lookups and responses on faster boxes
  • Require I2CP authorization for all messages when enabled (requires 0.9.11 or higher client)
  • Disable SSLv3 and older ciphers for reseeding and other uses of SSL
  • Use ECDSA by default for i2ptunnel IRC, SOCKS-IRC, and standard client tunnels
  • Don't prefer floodfills in some countries
  • New column sorting, set-all priority buttons, and upload ratio display in i2psnark
  • Increase i2psnark tunnel default to 3 hops
  • Implement bundling of multiple fragments in a single SSU message for efficiency
  • New add-to-addressbook links on netdb leaseset page
  • Implement I2NP DatabaseLookupMessage search type field to improve lookup efficiency

Bug Fixes

  • CPUID fixes and updates for recent processors
  • i2psnark fix magnet links with %-encoding
  • Improve handling of SSU socket closing out from under us (hopefully fix 100% CPU)
  • SSU bitfield handling fixes
  • Fix HTTP header issues in i2psnark
  • Fix rare NPE when building garlic message
  • Fix console lockups (hopefully)
  • Fix i2ptunnel js confirm-delete


  • Move router data structures from i2p.jar to router.jar (breaks i2pcontrol plugin)
  • New router keys now stored in router.keys.dat (eepPriv.dat format) instead of router.keys
  • Improve handling of unsupported encryption throughout
  • More error checking of client I2CP messages by the router
  • Initial work on hooks for pluggable transports
  • Enforce request timestamp in tunnel build messages
  • Re-enable message status in streaming, but treat no leaseset as a soft failure for now
  • Return unused DH keypairs to the pool for efficiency
  • Raise failsafe tagset limit and improve deletion strategy when hit
  • Change eepsite Jetty threadpool and queue configuration (new installs only)
  • NTCP establishment refactoring in prep for NTCP2 and PT
  • Jetty 8.1.16-v20140903
  • Translation updates
  • Update GeoIP data (new installs and PPA only)

SHA256 Checksums:

186bbe30a37802b6201fe129516e2d9515925cfc60e2f68645eb6413ec172953  i2pinstall_0.9.16_windows.exe
5b2a1e23273e1d76a071142adc58b836ed300e2c1f2fd80d330ac61632fab173  i2pinstall_0.9.16.jar
ebc319585b9c58127676243694151c45296a56abaf51a36ae5919be3fc7f544e  i2psource_0.9.16.tar.bz2
06f3ab867499fa8407f5bcf52ccee196031df6f0b76b000db98b74ef61ecd24f  i2pupdate_0.9.16.zip
7d32cc4c90b35e0eedf6a75377dc3bd4b4dc962e5a42a57fdcc0df500bd2e924  i2pupdate.su2
867739321ee4e3c6e418e99f10b6337ccb3e2aeb2e32979734b209b2310c9e8e  i2pupdate.su3
b7bd6b420c1ebc58aa23860b26594acc549ea26116c39c911a0b49091f954b52  i2pupdate.sud