SOCKS4A/SOCKS5 proxy support?

Jacob Appelbaum jacob at
Tue Sep 25 01:45:27 CEST 2012

Hans-Christoph Steiner:
> FYI, the gnupg-for-android port already includes libcurl 7.23, so this
> support should be included already.

I did some more testing and with a local HTTP proxy and I still see DNS
SRV requests. I didn't build gpg with './configure --disable-dns-srv'
though. I tried to tell it to stop looking things up with 'gpg
--no-auto-key-locate' but that didn't seem to do the trick.

The seemingly undocumented 'no-try-dns-srv' keyserver option did the trick:


  gpg --keyserver-options
no-try-dns-srv,http-proxy=,debug,verbose --search
jacob at

I'm using packages for these tests. If you are building GnuPG and plan
on using it with Tor over SOCKS or HTTP, I guess you'd want to cripple
any chance of a stray DNS packet leaking out:

./configure \
--disable-dns-cert \
--disable-dns-pka \

If you don't want to disable those at run time, I guess 'no-try-dns-srv'
should also work.

I checked and the table for Mac OS X and SOCKS proxy support is quite bleak:

Mac OS X 10.8.x - curl 7.24.0
Mac OS X 10.7.4 - curl 7.21.4
Mac OS X 10.6 - curl 7.19.0
Mac OS X 10.5 - curl 7.16.2
Mac OS X 10.4 (intel) - curl 7.13.0

I think that means that other than on Mac OS X 10.8.x, gpg won't be able
to use SOCKS at all. My version numbers might be a bit off as I had to
compile that table from man pages (whee!) on Apple's developer site.

If curl isn't used on Windows (?) and the win32 builds aren't supporting
proxies, I guess the problem is the same. Does anyone have am idea about
proxy support on Windows? Is there anything at all?

The rest of the GNU/Linux and BSD operating systems will probably leak
DNS depending on build options. The vanilla configure will leak DNS
requests by default. In theory this is a good thing but in practice Tor
users and other proxy users will want to use 'no-try-dns-srv' I think.

As a side note - 'no-try-dns-srv' makes gpg go a lot faster - even over Tor!

All the best,

More information about the Gnupg-devel mailing list