#17473 closed defect (fixed)
Update the meek-amazon fingerprint to B9E7141C594AF25699E0079C1F0146F409495296
Reported by: | dcf | Owned by: | tbb-team |
---|---|---|---|
Priority: | High | Milestone: | |
Component: | Applications/Tor Browser | Version: | |
Severity: | Normal | Keywords: | TorBrowserTeam201510R meek tor-assistants tbb-bridges |
Cc: | tim@… | Actual Points: | |
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description
Hash: SHA1
The bridge fingerprint for the meek-amazon bridge has changed. It was:
4EE0CC769EB4B15A872F742EDE27D298A59DCADE
but is now:
6DDD1DB8526282837C50E9AB5D14AB50150CD624
People who try using meek-amazon are getting a message like this in
their logs:
Oct 30 09:18:46.000 [warn] Tried connecting to router at 0.0.2.0:2, but identity key was not as expected: wanted 4EE0CC769EB4B15A872F742EDE27D298A59DCADE but got 6DDD1DB8526282837C50E9AB5D14AB50150CD624.
The bridge changed fingerprint when it was rebooted on 2015-10-09 to
renew its TLS certificate:
https://lists.torproject.org/pipermail/tor-talk/2015-October/039234.html
I neglected to test the bridge using a configured bridge fingerprint.
(I only tested it using a configuration that did not specify a
fingerprint.) According to the bridge operator, the old identity key is
lost.
Please update the bridge's key in bridge_prefs.js. I will attach a
patch.
Version: GnuPG v1
iQIcBAEBAgAGBQJWM5u3AAoJEOK5PYFc04jlsRcP/il8KGrD1ORuCmSv0leH20ob
NAAsRAAaV12PL9CSKuZS9lQi8InfMvZQSz56MyCkIGkFsgn8TlIq6O8nd1tpC3PM
98S+hwrqbXfs85nGdsYPtWZ4HrKfQkRnxBGErM0ideL6EVLi+fy0B+S83o02ktfl
ZB28xs675FjLoEWZhMCDya3hjFQk/vMJXHEOK3GaFzTb6Gj0ELHUCS2ETcCNTSux
g/U4xO0Z4Kk42DY00VPJwFjRc2PQ3pEQ/cZECO20D1erhELFzfQScaeWMpH6M2cV
gKSxCWpUOpZOuzCriaGveY8Vx1dM0HrmCEdtTwR/U6yN5UtXB06G92u2uuj9UuAQ
FAHaqaKpA7nwiNldyGXFsDHFkNb9DHK5O9Y25brTCT7M8MAC1P3gAha0KmLtDUZz
gSj/BEs1mGOQN2NozW4kT3OmBj5Ar8TjAIqt0P55zHMREbB7ZYxaFiFtiFxIrGwo
HqgIgQu5rU944Ut9SA2nA93onkqdYDp6F+4LgrDfoZUvttRM99nUMPlCrCbtWebn
i6R8RhunN1isjpSIv+M1J0rl5s79WXhHY4Bseja5sgX60AkApukaRwBBY1cgS3QZ
ADqj1mBttTKJM4DeemPOsA0IHyNY+kBHc7AeNAizU4ULozA+5yYGwKJWiARU3z+w
frtlxHT+WoWlswOkq7Xh
=ImMV
Child Tickets
Attachments (2)
Change History (12)
comment:1 Changed 3 years ago by
Changed 3 years ago by
Attachment: | 0001-Update-meek-amazon-bridge-fingerprint-to-6DDD1DB8526.patch added |
---|
comment:2 Changed 3 years ago by
Status: | new → needs_review |
---|
Here is the patch: attachment:0001-Update-meek-amazon-bridge-fingerprint-to-6DDD1DB8526.patch.
I was soon going to file a ticket to remove meek-amazon from the browser anyway (cf. #17330). But we should apply this patch so that the correct current fingerprint appears in the commit history.
comment:3 Changed 3 years ago by
Stand by; the bridge operator told me they are going to leave a comment on this ticket with the long-term fingerprint to use.
comment:4 Changed 3 years ago by
Cc: | tim@… added |
---|---|
Keywords: | tor-assistants added |
comment:5 Changed 3 years ago by
Please let me know as soon as possible what to include. The next stable release is actually already built and on tor-qa but we are willing to rebundle once more for this fix.
comment:6 Changed 3 years ago by
Please use the following fingerprint:
B9E7141C594AF25699E0079C1F0146F409495296
dcf, I send you a signed email with the fingerprint. Please confirm.
Changed 3 years ago by
Attachment: | 0001-Update-meek-amazon-bridge-fingerprint-to-B9E7141C594.patch added |
---|
comment:7 Changed 3 years ago by
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I received a signed email from the bridge operator saying to use this fingerprint: B9E7141C594AF25699E0079C1F0146F409495296 I have tested it just now with this bridge line: Bridge meek 0.0.2.0:2 B9E7141C594AF25699E0079C1F0146F409495296 url=https://d2zfqthxsdq309.cloudfront.net/ front=a0.awsstatic.com I've attached a new patch to use this fingerprint. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWM/k4AAoJEOK5PYFc04jl8JoP/30D5ASboLTFq0MpbjrwsryZ cVBJetJMk3FrMKohnZKZdbIRi4KfVE+qWUVprJLZgfN/euVG8OT2awAJT+ENdMnB NAeu9NBqkoZf9+NjFdCSdnG6exsXSIgWlaCPRp9G/WyIn5uFeFeNifpnvFTjAdR0 EsuzAez12xwL3McMu9xthM0s17zU8kgfDx1/3acgC/LRF2Q67qNGZ4NScQwrDnoR tZ77x8ok+qKZ9+Vn67syk2m5tAin7uqWdLH1bxiTfrb5EfySwht9QNUQyZIRjbxa MjeQPHuXwfTzbgRUs3+xSpUOrR03dawKq9DcP3fsbo6mE0GeCBqKTDDDR53EDHo9 aFe8NyvakHgKfCjdBSJ2xDuoNFjE8ACKxAT8zHK74zmrjSDLX9pva3rSP3tyoDXb wEVHRbXsYL1MHhAjQDjghV2Z5+Q1ygza3ItJfAkkSbmVW2Qra0aOYNZ/7U/GUCFH ndkJRHeef245jQpO3aVjnsut38/cSg6Z3fFl47Irxl9m3sD4qDt2bAqcHaMbtCJF eL7XCQ2rtDmosXfjK/7N2PVPEUJ0lBVKr4s84I6bw4xRrE/Ge6dNNByGXQpvqHVN uthSjkVXXQQjwh9bPDYvrV3XWHk41mMWPy7GmtlRUd6sE2MM91iznRB/TbSjvhWm 8fg+5ayQne748lFXuGjt =oTN9 -----END PGP SIGNATURE-----
This is the patch: attachment:0001-Update-meek-amazon-bridge-fingerprint-to-B9E7141C594.patch.
comment:8 Changed 3 years ago by
Summary: | Update the meek-amazon fingerprint to 6DDD1DB8526282837C50E9AB5D14AB50150CD624 → Update the meek-amazon fingerprint to B9E7141C594AF25699E0079C1F0146F409495296 |
---|
comment:9 Changed 3 years ago by
Resolution: | → fixed |
---|---|
Status: | needs_review → closed |
That'll make it in all upcoming releases (5.0.4/5.5a4/5.5a4-hardened).
comment:10 Changed 2 years ago by
Keywords: | tbb-bridges added |
---|
Sorry, I screwed up the PGP formatting in the description.