Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#12766 closed defect (fixed)

Disable TLSv1.1 and TLSv1.2 in the Firefox helper

Reported by: dcf | Owned by: dcf
Priority: Medium | Milestone:
Component: Obfuscation/meek | Version:
Severity: | Keywords: TorBrowserTeam201408
Cc: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:

Description

With #11253, Tor Browser's Firefox config has TLSv1.1 and TLSv1.2 turned on. If meek-http-helper (browser TLS camouflage) sends Firefox 24 ciphersuites but uses TLSv1.1 or TLSv1.2, then it will look weird, because as I understand it, mainline Firefox 24 has TLSv1.1 and TLSv1.2 disabled. (doc/meek#Sampleclienthellos corroborates that ordinary Firefox 24 uses TLSv1.0 when connecting to Google.)

We also need to remember to turn TLSv1.1 and TLSv1.2 back on when they get enabled in the next ESR...

Attachments (1)

0001-Set-security.tls.version.max-1-in-meek-http-helper.patch (1.4 KB) - added by dcf 3 years ago.

Change History (6)

comment:1 Changed 3 years ago by dcf

Keywords: TorBrowserTeam201408 added
Status: new → needs_review

attachment:0001-Set-security.tls.version.max-1-in-meek-http-helper.patch disables TLSv1.1 and TLSv1.2 in the helper, by setting security.tls.version.max=1.

Before the patch (i.e., the status quo with 4.0-alpha-1), the TLS fingerprint stands out from ordinary Firefox 24 in the TLS version and in an extra extension:

     SSL Record Layer: Handshake Protocol: Client Hello
         Content Type: Handshake (22)
         Version: TLS 1.0 (0x0301)
-        Length: 169
+        Length: 191
         Handshake Protocol: Client Hello
             Handshake Type: Client Hello (1)
-            Length: 165
-            Version: TLS 1.0 (0x0301)
+            Length: 187
+            Version: TLS 1.2 (0x0303)
             Random
-                gmt_unix_time: Jul 12, 2089 08:23:06.000000000 PDT
-                random_bytes: f0b149a04ac4a554c5bda57030b17342cc1c0ab59c925cc8...
+                gmt_unix_time: Nov 29, 2031 00:35:52.000000000 PST
+                random_bytes: 4856792ce5d7e72f3255fef9792ed37d14124c402ed8dfb1...
             Session ID Length: 0
             Cipher Suites Length: 70
             Cipher Suites (35 suites)
@@ -51,7 +51,7 @@
             Compression Methods Length: 1
             Compression Methods (1 method)
                 Compression Method: null (0)
-            Extensions Length: 54
+            Extensions Length: 76
             Extension: server_name
                 Type: server_name (0x0000)
                 Length: 19
@@ -86,3 +86,7 @@
             Extension: next_protocol_negotiation
                 Type: next_protocol_negotiation (0x3374)
                 Length: 0
+            Extension: signature_algorithms
+                Type: signature_algorithms (0x000d)
+                Length: 18
+                Data (18 bytes)
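
Review bot: the text introducing this diff names the TLS version and the extra extension but does not account for the three Length changes. In this hunk the added signature_algorithms extension is 4 bytes of type and length plus 18 bytes of data, 22 bytes in total, which matches each increase (169 to 191, 165 to 187, 54 to 76). It is worth stating that the length changes follow from the extension and are not a third difference.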

After the patch, we're back to differing only in the client randomness:

             Length: 165
             Version: TLS 1.0 (0x0301)
             Random
-                gmt_unix_time: Jul 12, 2089 08:23:06.000000000 PDT
-                random_bytes: f0b149a04ac4a554c5bda57030b17342cc1c0ab59c925cc8...
+                gmt_unix_time: Sep 24, 1976 08:40:40.000000000 PDT
+                random_bytes: 52240b209956653bf5fd16b29aeb040d7a81d3358f86dd19...
             Session ID Length: 0
             Cipher Suites Length: 70
             Cipher Suites (35 suites)
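
The comparison made in comment:1 can also be done programmatically. The following is an added example, not part of the ticket or of meek's code: it parses two ClientHello records and reports the fingerprint-relevant fields that differ, ignoring the Random. The sample hellos are constructed, with a shortened cipher-suite list and placeholder extension data; only the versions, extension types and extension lengths follow the dissection above.

```python
import os
import struct

def parse_client_hello(record: bytes) -> dict:
    """Fingerprint-relevant fields of a TLS record carrying one ClientHello."""
    ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or body[0] != 1:
        raise ValueError("not a complete ClientHello record")
    hello_ver = struct.unpack_from("!H", body, 4)[0]
    pos = 4 + 2 + 32                       # handshake header, version, Random
    pos += 1 + body[pos]                   # session ID
    n = struct.unpack_from("!H", body, pos)[0]
    suites = list(struct.unpack_from(f"!{n // 2}H", body, pos + 2))
    pos += 2 + n
    pos += 1 + body[pos]                   # compression methods
    exts = []
    if pos < len(body):                    # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            exts.append(etype)
            pos += 4 + elen
    return {"record_version": rec_ver, "hello_version": hello_ver,
            "cipher_suites": suites, "extensions": exts}

def fingerprint_diff(a: bytes, b: bytes) -> dict:
    """Fields that differ between two hellos; the Random is never compared."""
    fa, fb = parse_client_hello(a), parse_client_hello(b)
    return {k: (fa[k], fb[k]) for k in fa if fa[k] != fb[k]}

def build_hello(version: int, exts: list) -> bytes:
    """Constructed sample: short suite list, fresh Random, record version TLS 1.0."""
    suites = [0xC00A, 0xC014, 0x0035, 0x002F]   # not Firefox's real 35-suite list
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    hello = (struct.pack("!H", version) + os.urandom(32) + b"\x00"
             + struct.pack("!H", 2 * len(suites)) + struct.pack("!4H", *suites)
             + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

BASE_EXTS = [(0x0000, bytes(19)), (0x3374, b"")]   # server_name, NPN; placeholder data
firefox24 = build_hello(0x0301, BASE_EXTS)
helper_before = build_hello(0x0303, BASE_EXTS + [(0x000D, bytes(18))])  # + signature_algorithms
helper_after = build_hello(0x0301, BASE_EXTS)

if __name__ == "__main__":
    print("before patch:", fingerprint_diff(firefox24, helper_before))
    print("after patch: ", fingerprint_diff(firefox24, helper_after))
```

An empty result for the second comparison corresponds to "differing only in the client randomness".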

comment:2 Changed 3 years ago by dcf

I made #12873 so as not to forget to undo this change once rebased on Firefox 31.

comment:3 Changed 3 years ago by gk

Resolution: fixed
Status: needs_review → closed

Merged as 3c581f8426f4fd477eb26d2893dbdec42d76e23d, thanks.

comment:4 Changed 3 years ago by mikeperry

Hrmm. I think you probably want to blend in with Firefox 31 regardless. It is more common than FF24ESR. Though, I'm not sure if security.tls.version.max=3 looked like Firefox 31 if it was done from a Firefox 24 build. It may not.

comment:5 in reply to:  4 Changed 3 years ago by dcf

Replying to mikeperry:

> Hrmm. I think you probably want to blend in with Firefox 31 regardless. It is more common than FF24ESR. Though, I'm not sure if security.tls.version.max=3 looked like Firefox 31 if it was done from a Firefox 24 build. It may not.

It's a nice idea, but the ciphersuites, at least, offered by Firefox 31 are different than those offered by 24:

See https://www.ssllabs.com/ssltest/viewMyClient.html for an online test. I don't think we'll win in the long run making Firefox try to look like anything other than its true version; there are too many dead-parrot issues. Firefox 24 is less common than Firefox 31, but Firefox 24 ciphersuites with TLSv1.2 is likely to be less common than both.
