Opened 5 years ago

Last modified 18 months ago

#12990 new defect

route certificate errors

Reported by: saint
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-client
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description (last modified by saint)

So on August 17th, I experienced a weird error and haven't noticed it since, but thought I'd try to determine the cause. I was using the latest TBB (3.6.4) on Ubuntu 14.04 x64. Figure this was just an uber glitch, but wanted to report it just in case it happens for someone else also:

Aug 17 00:45:22.000 [warn] Tried connecting to router at 185.13.39.135:443, but identity key was not as expected: wanted 2F7C841C58F475EDE7C5D69393D07617BF387E99 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.

Full session below:

griffin@mercurius:~/Downloads/tor-browser_en-US$ ./start-tor-browser

Launching Tor Browser Bundle for Linux in /home/griffin/Downloads/tor-browser_en-US

(process:29067): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed

(firefox:29067): Gtk-WARNING **: Unable to locate theme engine in module_path: "adwaita",

(firefox:29067): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::sm-connect after class was initialised

(firefox:29067): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::show-crash-dialog after class was initialised

(firefox:29067): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::display after class was initialised

(firefox:29067): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::default-icon after class was initialised
Aug 17 00:43:30.909 [notice] Tor v0.2.4.23 (git-a9ea51dc0bd48126) running on Linux with Libevent 2.0.21-stable and OpenSSL 1.0.1i.
Aug 17 00:43:30.910 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Aug 17 00:43:30.910 [notice] Read configuration file "/home/griffin/Downloads/tor-browser_en-US/Data/Tor/torrc-defaults".
Aug 17 00:43:30.910 [notice] Read configuration file "/home/griffin/Downloads/tor-browser_en-US/Data/Tor/torrc".
Aug 17 00:43:30.916 [notice] Opening Socks listener on 127.0.0.1:9150
Aug 17 00:43:30.916 [notice] Opening Control listener on 127.0.0.1:9151
Aug 17 00:43:30.000 [notice] Pluggable transport proxy (fte exec ./Tor/PluggableTransports/fteproxy.bin --managed) does not provide any needed transports and will not be launched.
Aug 17 00:43:30.000 [notice] Pluggable transport proxy (obfs2,obfs3 exec ./Tor/PluggableTransports/obfsproxy.bin managed) does not provide any needed transports and will not be launched.
Aug 17 00:43:30.000 [notice] Pluggable transport proxy (flashproxy exec ./Tor/PluggableTransports/flashproxy-client --register :0 :9000) does not provide any needed transports and will not be launched.
Aug 17 00:43:30.000 [notice] Parsing GEOIP IPv4 file /home/griffin/Downloads/tor-browser_en-US/Data/Tor/geoip.
Aug 17 00:43:30.000 [notice] Parsing GEOIP IPv6 file /home/griffin/Downloads/tor-browser_en-US/Data/Tor/geoip6.
Aug 17 00:43:31.000 [notice] We now have enough directory information to build circuits.
Aug 17 00:43:31.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
Aug 17 00:43:31.000 [notice] New control connection opened.
Aug 17 00:43:31.000 [notice] Pluggable transport proxy (fte exec ./Tor/PluggableTransports/fteproxy.bin --managed) does not provide any needed transports and will not be launched.
Aug 17 00:43:31.000 [notice] Pluggable transport proxy (obfs2,obfs3 exec ./Tor/PluggableTransports/obfsproxy.bin managed) does not provide any needed transports and will not be launched.
Aug 17 00:43:31.000 [notice] Pluggable transport proxy (flashproxy exec ./Tor/PluggableTransports/flashproxy-client --register :0 :9000) does not provide any needed transports and will not be launched.
Aug 17 00:43:31.000 [notice] New control connection opened.
Aug 17 00:43:31.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Aug 17 00:43:32.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Aug 17 00:43:33.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Aug 17 00:43:33.000 [notice] Bootstrapped 100%: Done.
Aug 17 00:43:34.000 [notice] New control connection opened.
Aug 17 00:45:22.000 [warn] Tried connecting to router at 185.13.39.135:443, but identity key was not as expected: wanted 2F7C841C58F475EDE7C5D69393D07617BF387E99 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:27.000 [warn] Tried connecting to router at 77.109.141.139:443, but identity key was not as expected: wanted 527ED954F9E7800AB00BCE366542CB074B42DD2A but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:29.000 [warn] Tried connecting to router at 5.34.183.205:443, but identity key was not as expected: wanted DDD7871C1B7FA32CB55061E08869A236E61BDDF8 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:30.000 [warn] Tried connecting to router at 88.198.100.230:443, but identity key was not as expected: wanted 093E76DE8EF51256E0FDC51B41237989ADA4AC2E but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:31.000 [warn] Tried connecting to router at 5.39.80.135:443, but identity key was not as expected: wanted AB73816E5D7BC52664CBB9D005FF579BAFEAFE87 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:34.000 [warn] Tried connecting to router at 86.59.119.83:443, but identity key was not as expected: wanted FC9AC8EA0160D88BCCFDE066940D7DD9FA45495B but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:35.000 [warn] Tried connecting to router at 62.210.84.20:443, but identity key was not as expected: wanted 5A16F7E31B26F286889F20027F57A5E253AF3F23 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:38.000 [warn] Tried connecting to router at 96.44.189.102:443, but identity key was not as expected: wanted 3B486DEC5A22694C0960B4A97A3665C617C89B1C but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:38.000 [warn] Tried connecting to router at 188.165.138.55:443, but identity key was not as expected: wanted 95A3BC167A575964F40F251B850ABB47960A530D but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:47:02.000 [warn] Tried connecting to router at 62.210.82.177:443, but identity key was not as expected: wanted 7663AD93B561AA11F40982BBDB3D3063AD28E3C7 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:47:04.000 [notice] Owning controller connection has closed -- exiting now.

Tor Browser exited cleanly.
griffin@mercurius:~/Downloads/tor-browser_en-US$ cd

Change History (4)

comment:1 Changed 5 years ago by saint

Description: modified (diff)

comment:2 Changed 21 months ago by cypherpunks

Component: Applications/Tor Browser → Core Tor/Tor
Keywords: tor-client added; certificate removed
Owner: tbb-team deleted
Severity: Normal
Status: new → assigned

comment:3 Changed 20 months ago by nickm

Milestone: Tor: unspecified

That looks very much like an MITM attempt, possibly by a captive portal. In particular, the key digest matches the authority key id here: https://censys.io/certificates/e2a86707f84d27fc76f972275d85248d22595e8e71aadb434626832000d2d805/table
and there's more about it here: https://certificatedetails.com/4279541b61cd552b3e63d53c4857f59ffb45ce4a/31113/wtc.hntb.com

saint, do you happen to remember what kind of horrible internet you were on when you saw this error?
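
In the log above, every mismatch reports the same "got" fingerprint for a different relay, which fits the interception reading in comment 3. The following is an added example (not part of the ticket or of Tor's code) that scans log lines in that format for one presented key answering for several expected identities; the function name, the `min_relays` threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the warning format shown in the ticket's session log.
MISMATCH = re.compile(
    r"\[warn\] Tried connecting to router at (?P<addr>\S+?), "
    r"but identity key was not as expected: "
    r"wanted (?P<wanted>[0-9A-F]{40}) but got (?P<got>[0-9A-F]{40})\."
)

def shared_presented_keys(lines, min_relays=3):
    """Return {presented_fingerprint: sorted relay addresses} for every key
    that answered in place of at least `min_relays` distinct expected
    identities. A single mismatch can be a stale descriptor; the same key
    showing up for many unrelated relays points at something on the path
    terminating TLS. `min_relays` is a hypothetical threshold."""
    seen = defaultdict(dict)  # got -> {wanted: addr}
    for line in lines:
        m = MISMATCH.search(line)
        if m:
            seen[m["got"]][m["wanted"]] = m["addr"]
    return {
        got: sorted(by_wanted.values())
        for got, by_wanted in seen.items()
        if len(by_wanted) >= min_relays
    }

# Constructed sample: documentation-range addresses and placeholder fingerprints.
FAKE_KEY = "F" * 40
SAMPLE = [
    f"Aug 17 00:45:2{i}.000 [warn] Tried connecting to router at 192.0.2.1{i}:443, "
    f"but identity key was not as expected: wanted {i:040X} but got {FAKE_KEY}."
    for i in range(3)
] + [
    # One isolated mismatch with a different presented key: below the threshold.
    "Aug 17 00:46:00.000 [warn] Tried connecting to router at 198.51.100.7:443, "
    "but identity key was not as expected: wanted " + "1" * 40
    + " but got " + "2" * 40 + ".",
    "Aug 17 00:43:33.000 [notice] Bootstrapped 100%: Done.",
]

if __name__ == "__main__":
    for key, relays in shared_presented_keys(SAMPLE).items():
        print(f"{key} presented for {len(relays)} relays: {', '.join(relays)}")
```
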

comment:4 Changed 18 months ago by teor

Status: assigned → new

Mark all tickets that are assigned to nobody as "new".
