Opened 6 years ago

Closed 6 years ago

#13182 closed enhancement (invalid)

Meek's TLS client hello should use system time

Reported by: cypherpunks Owned by: dcf
Priority: Medium Milestone:
Component: Circumvention/meek Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Since Meek's purpose is to hide and blend in like a typical Firefox user browsing, the time sent in the TLS client hello handshake should use the user's local or system time, not the common time as in general tor usage.

This will lead to meek page requests look like typical visit, to ISP, or anyone between user and ISP, or between ISP and Google App.

Child Tickets

Change History (2)

comment:1 Changed 6 years ago by dcf

Status: newneeds_information

Do you mean the gmt_unix_time field? When you're using the Firefox helper; i.e., using meek in the Tor Browser Bundle, the gmt_unix_time field is randomized just like it is in Firefox:

See doc/meek#Sampleclienthellos where the time is actually just random numbers:

-                gmt_unix_time: Jul 12, 2089 08:23:06.000000000 PDT
+                gmt_unix_time: Oct 23, 2081 13:09:42.000000000 PDT

If you know of a case where Firefox 24 does not randomize the gmt_unix_time field by default, please let me know and add it to the doc/meek/SampleClientHellos page. You can use this command to see Client Hello messages:

tshark -V -2 -R ssl.handshake.ciphersuites

If you're talking about the basic meek-client program without the browser helper, it is true that it doesn't look like Firefox. The mismatches are deep and impossible to fix, for example the Go crypto/tls library doesn't even support all the ciphersuites that Firefox does. That's exactly why the browser helper exists, so we don't waste time trying to make one TLS implementation look like another.

It's possible I misunderstood your request; please let me know if so.

comment:2 Changed 6 years ago by dcf

Resolution: invalid
Status: needs_informationclosed

Closing this ticket; I think it was based on a misunderstanding.

Note: See TracTickets for help on using tickets.