Opened 3 years ago

Last modified 2 years ago

#14883 new defect

Orbot handshake fails on networks with Blue Coat Systems' technology

Reported by: ProGamerGov Owned by: n8fr8
Priority: Medium Milestone:
Component: Applications/Orbot Version: Tor: 0.2.5.10
Severity: Normal Keywords: Blue, coat, systems, proxySG
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Bootstrapping fails at 85%.

Child Tickets

Change History (16)

comment:1 Changed 3 years ago by ProGamerGov

Orbot is starting…
checking binary version: 0.2.5.10-openssl1.0.1i-nonPIE-polipofix
updating torrc custom configuration...
success.
Waiting for control port...
Connecting to control port: 48040
NOTICE: New control connection opened from 127.0.0.1.
Orbot is starting…
Waiting for control port...
Connecting to control port: 48040
NOTICE: New control connection opened from 127.0.0.1.
SUCCESS connected to Tor control port.
SUCCESS - authenticated to control port.
Starting Tor client… complete.
adding control port event handler
SUCCESS added control port event handler
SUCCESS connected to Tor control port.
Set background service to FOREGROUND
WARN: Problem bootstrapping. Stuck at 80%: Connecting to the Tor network. (Connection timed out; TIMEOUT; count 2; recommendation warn)
WARN: Problem bootstrapping. Stuck at 80%: Connecting to the Tor network. (Connection timed out; TIMEOUT; count 2; recommendation warn)
WARN: 1 connections have failed:
WARN:  1 connections died in state connect()ing with SSL state (No SSL object)
WARN: 1 connections have failed:
WARN:  1 connections died in state connect()ing with SSL state (No SSL object)

comment:2 Changed 3 years ago by ProGamerGov

Orbot is starting…
checking binary version: 0.2.5.10-openssl1.0.1i-nonPIE-polipofix
updating torrc custom configuration...
success.
Waiting for control port...
Orbot is starting…
Waiting for control port...
tor: PRE: Is binary exec? true
polipo: PRE: Is binary exec? true
obfsclient: PRE: Is binary exec? true
xtables: PRE: Is binary exec? true
Orbot is starting…
Orbot is starting…
updating torrc custom configuration...
success.
Orbot is starting…
Waiting for control port...
Connecting to control port: 54058
SUCCESS connected to Tor control port.
SUCCESS - authenticated to control port.
Starting Tor client… complete.
adding control port event handler
SUCCESS added control port event handler
NOTICE: Opening Socks listener on 127.0.0.1:9050
Local SOCKS port: 9050
NOTICE: Opening Transparent pf/netfilter listener on 127.0.0.1:9040
NOTICE: Closing no-longer-configured Transparent pf/netfilter listener on 127.0.0.1:48005
NOTICE: Closing old Transparent pf/netfilter listener on 127.0.0.1:48005
Local TransProxy port: 9040
NOTICE: Opening DNS listener on 127.0.0.1:5400
NOTICE: Closing no-longer-configured DNS listener on 127.0.0.1:42296
NOTICE: Closing old DNS listener on 127.0.0.1:42296
Local DNSPort port: 9040
Tor started; process id=11196
updating settings in Tor service
Set background service to FOREGROUND
Starting polipo process
NOTICE: Bridge at Bridge IP/Port REDACTED isn't reachable by our firewall policy. Asking bridge authority instead.
NOTICE: While fetching directory info, no running dirservers known. Will try again later. (purpose 6)
NOTICE: Delaying directory fetches: No running bridges
Polipo is running on port:8118
Polipo process id=11199

Last edited 3 years ago by yawning (previous) (diff)

comment:3 Changed 3 years ago by ProGamerGov

Orbot is starting…
checking binary version: 0.2.5.10-openssl1.0.1i-nonPIE-polipofix
updating torrc custom configuration...
success.
Waiting for control port...
Orbot is starting…
Waiting for control port...
tor: PRE: Is binary exec? true
polipo: PRE: Is binary exec? true
obfsclient: PRE: Is binary exec? true
xtables: PRE: Is binary exec? true
Orbot is starting…
Orbot is starting…
updating torrc custom configuration...
success.
Orbot is starting…
Waiting for control port...
Connecting to control port: 33160
SUCCESS connected to Tor control port.
SUCCESS - authenticated to control port.
Starting Tor client… complete.
adding control port event handler
SUCCESS added control port event handler
NOTICE: Opening Socks listener on 127.0.0.1:9050
Local SOCKS port: 9050
NOTICE: Opening Transparent pf/netfilter listener on 127.0.0.1:9040
NOTICE: Closing no-longer-configured Transparent pf/netfilter listener on 127.0.0.1:45340
NOTICE: Closing old Transparent pf/netfilter listener on 127.0.0.1:45340
Local TransProxy port: 9040
NOTICE: Opening DNS listener on 127.0.0.1:5400
NOTICE: Closing no-longer-configured DNS listener on 127.0.0.1:47374
NOTICE: Closing old DNS listener on 127.0.0.1:47374
Local DNSPort port: 9040
Tor started; process id=11856
updating settings in Tor service
Set background service to FOREGROUND
Starting polipo process
Polipo is running on port:8118
Polipo process id=11866
NOTICE: Bootstrapped 85%: Finishing handshake with first hop
NOTICE: Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for circuit)

comment:4 Changed 3 years ago by ProGamerGov

WARN:  1 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE
NOTICE: Your system clock just jumped 350 seconds forward; assuming established circuits no longer work.
NOTICE: Your system clock just jumped 350 seconds forward; assuming established circuits no longer work.
NOTICE: Your system clock just jumped 335 seconds forward; assuming established circuits no longer work.
NOTICE: Your system clock just jumped 335 seconds forward; assuming established circuits no longer work.
WARN: Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (DONE; DONE; count 39; recommendation warn)
WARN: 23 connections have failed:
WARN:  19 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
WARN:  2 connections died in state connect()ing with SSL state (No SSL object)
WARN:  1 connections died in state handshaking (TLS) with SSL state SSLv3 read server session ticket A in HANDSHAKE
WARN:  1 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE
WARN: Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (DONE; DONE; count 39; recommendation warn)
WARN: 23 connections have failed:
WARN:  19 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
WARN:  2 connections died in state connect()ing with SSL state (No SSL object)
WARN:  1 connections died in state handshaking (TLS) with SSL state SSLv3 read server session ticket A in HANDSHAKE
WARN:  1 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE
NOTICE: Your system clock just jumped 151 seconds forward; assuming established circuits no longer work.
NOTICE: Your system clock just jumped 151 seconds forward; assuming established circuits no longer work.
NOTICE: Your system clock just jumped 299 seconds forward; assuming established circuits no longer work.
NOTICE: Your system clock just jumped 299 seconds forward; assuming established circuits no longer work.
NOTICE: Your system clock just jumped 120 seconds forward; assuming established circuits no longer work.
NOTICE: Your system clock just jumped 120 seconds forward; assuming established circuits no longer work.
NOTICE: Your system clock just jumped 120 seconds forward; assuming established circuits no longer work.
NOTICE: Your system clock just jumped 120 seconds forward; assuming established circuits no longer work.
NOTICE: Your system clock just jumped 584 seconds forward; assuming established circuits no longer work.
WARN: Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (DONE; DONE; count 40; recommendation warn)
WARN: 24 connections have failed:
WARN:  20 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
WARN:  2 connections died in state connect()ing with SSL state (No SSL object)
WARN:  1 connections died in state handshaking (TLS) with SSL state SSLv3 read server session ticket A in HANDSHAKE
WARN:  1 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE
WARN: Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (DONE; DONE; count 41; recommendation warn)
WARN: 25 connections have failed:
WARN:  21 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
WARN:  2 connections died in state connect()ing with SSL state (No SSL object)
WARN:  1 connections died in state handshaking (TLS) with SSL state SSLv3 read server session ticket A in HANDSHAKE
WARN:  1 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE
NOTICE: Your system clock just jumped 584 seconds forward; assuming established circuits no longer work.
WARN: Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (DONE; DONE; count 40; recommendat

comment:5 Changed 3 years ago by ProGamerGov

Bridgelines REDACTED

Last edited 3 years ago by yawning (previous) (diff)

comment:6 Changed 3 years ago by ProGamerGov

Orbot is starting…
checking binary version: 0.2.5.10-openssl1.0.1i-nonPIE-polipofix
updating torrc custom configuration...
success.
Waiting for control port...
Orbot is starting…
Waiting for control port...
tor: PRE: Is binary exec? true
polipo: PRE: Is binary exec? true
obfsclient: PRE: Is binary exec? true
xtables: PRE: Is binary exec? true
Orbot is starting…
Orbot is starting…
updating torrc custom configuration...
success.
Orbot is starting…
Waiting for control port...
Connecting to control port: 42566
SUCCESS connected to Tor control port.
SUCCESS - authenticated to control port.
Starting Tor client… complete.
adding control port event handler
SUCCESS added control port event handler
NOTICE: Opening Socks listener on 127.0.0.1:9050
Local SOCKS port: 9050
NOTICE: Opening Transparent pf/netfilter listener on 127.0.0.1:9040
NOTICE: Closing no-longer-configured Transparent pf/netfilter listener on 127.0.0.1:56465
NOTICE: Closing old Transparent pf/netfilter listener on 127.0.0.1:56465
Local TransProxy port: 9040
NOTICE: Opening DNS listener on 127.0.0.1:5400
NOTICE: Closing no-longer-configured DNS listener on 127.0.0.1:35433
NOTICE: Closing old DNS listener on 127.0.0.1:35433
Local DNSPort port: 9040
Tor started; process id=1259
updating settings in Tor service
Set background service to FOREGROUND
Starting polipo process
NOTICE: Delaying directory fetches: No running bridges
Polipo is running on port:8118
Polipo process id=1275
NOTICE: Bootstrapped 85%: Finishing handshake with first hop
WARN: Proxy Client: unable to connect to Bridge IP/Port REDACTED ("Network unreachable")

Last edited 3 years ago by yawning (previous) (diff)

comment:7 Changed 3 years ago by ProGamerGov

Orbot is starting…
checking binary version: 0.2.5.10-openssl1.0.1i-nonPIE-polipofix
updating torrc custom configuration...
success.
Waiting for control port...
Orbot is starting…
Waiting for control port...
tor: PRE: Is binary exec? true
polipo: PRE: Is binary exec? true
obfsclient: PRE: Is binary exec? true
xtables: PRE: Is binary exec? true
Orbot is starting…
Orbot is starting…
updating torrc custom configuration...
success.
Orbot is starting…
Waiting for control port...
Connecting to control port: 54789
SUCCESS connected to Tor control port.
SUCCESS - authenticated to control port.
Starting Tor client… complete.
adding control port event handler
SUCCESS added control port event handler
NOTICE: Opening Socks listener on 127.0.0.1:9050
Local SOCKS port: 9050
NOTICE: Opening Transparent pf/netfilter listener on 127.0.0.1:9040
NOTICE: Closing no-longer-configured Transparent pf/netfilter listener on 127.0.0.1:40673
NOTICE: Closing old Transparent pf/netfilter listener on 127.0.0.1:40673
Local TransProxy port: 9040
NOTICE: Opening DNS listener on 127.0.0.1:5400
NOTICE: Closing no-longer-configured DNS listener on 127.0.0.1:58170
NOTICE: Closing old DNS listener on 127.0.0.1:58170
Local DNSPort port: 9040
Tor started; process id=5752
updating settings in Tor service
Set background service to FOREGROUND
Starting polipo process
NOTICE: Delaying directory fetches: No running bridges
Polipo is running on port:8118
Polipo process id=5770
NOTICE: Bootstrapped 85%: Finishing handshake with first hop
WARN: Proxy Client: unable to connect to Bridge IP/Port REDACTED ("TTL expired")

Last edited 3 years ago by yawning (previous) (diff)

comment:8 Changed 3 years ago by ProGamerGov

Version: Tor: unspecifiedTor: 0.2.5.10

comment:9 Changed 3 years ago by ProGamerGov

Summary: Handshake fails on networks with Blue Coat Systems' technologyOrbot handshake fails on networks with Blue Coat Systems' technology

comment:10 Changed 3 years ago by ProGamerGov

This issue here may be similar: https://dev.guardianproject.info/issues/2751

This one also describes the same issues I've been having: https://dev.guardianproject.info/issues/2750

Last edited 3 years ago by ProGamerGov (previous) (diff)

comment:11 Changed 3 years ago by yawning

Don't include bridge ip addresses/ports in bug reports.

comment:12 in reply to:  11 Changed 3 years ago by ProGamerGov

Replying to yawning:

Don't include bridge ip addresses/ports in bug reports.

My bad, will not happen again.

comment:13 Changed 3 years ago by ProGamerGov

Used obfs3 bridges and no bridges for my tests.

Last edited 3 years ago by ProGamerGov (previous) (diff)

comment:14 Changed 3 years ago by ProGamerGov

I can attempt to acquire more information on the affected network if needed and/or give any required information on my phone model.

My phone is rooted and currently running Android 4.4.2. I would need to know what tools/apps I can use to gather more information on the affected network to collect more information. I can currently say that I2P also can't get by the affected network. I have seen message like "SSL disabled" on various browsers on the affected network. Some sites have a red "HTTPS" and warn me before using them on the affected network. I know for a fact Blue Coat Systems' technology is deployed on the network (it's not a secret).

I have tested 3+ obsf3 bridges on the affected network. Only saved the logs for a few of the tests regrettably but they all had the same errors and debug logs essentially. So I doubt it's the bridge that causing this issue.

Last edited 3 years ago by ProGamerGov (previous) (diff)

comment:15 Changed 3 years ago by ProGamerGuy

Blue Coat Systems talks about how their ProxySG software can block Tor here: http://bluecoat.force.com/knowledgebase/articles/Solution/HowtomanageTortrafficwithaProxySG

I bet ProxySG is employed on the affected network.

comment:16 Changed 2 years ago by teor

Severity: Normal

Have you tried obfs4 bridges?
Or meek?

I found that meek was successful against SSL blocking on a local public wifi.

Note: See TracTickets for help on using tickets.