Opened 2 years ago

Closed 7 weeks ago

#22513 closed defect (fixed)

Tor Browser connects to the same circuit even after CONNRESET received

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-usability-website, TorBrowserTeam201904
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tor Browser connects to the same circuit even after CONNRESET received. That ends with "Secure Connection Failed" page.

[06-06 17:32:12] Torbutton INFO: controlPort >> 650 STREAM 1954 REMAP 393 138.201.212.227:443 SOURCE=EXIT
[06-06 17:32:12] Torbutton INFO: controlPort >> 650 STREAM 1954 SUCCEEDED 393 138.201.212.227:443
[06-06 17:32:12] Torbutton INFO: controlPort >> 650 STREAM 1954 CLOSED 393 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
Use of getPreventDefault() is deprecated.  Use defaultPrevented instead.  jquery.js:3:7052
[06-06 17:32:13] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/timeline via
                       torproject.org:a7eac59b7dfafaad4c547239cc9ef742
[06-06 17:32:13] Torbutton INFO: controlPort >> 650 STREAM 1955 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:53314 PURPOSE=USER
[06-06 17:32:13] Torbutton INFO: controlPort >> 650 STREAM 1955 SENTCONNECT 393 trac.torproject.org:443
[06-06 17:32:14] Torbutton INFO: controlPort >> 650 STREAM 1955 REMAP 393 138.201.212.227:443 SOURCE=EXIT
[06-06 17:32:14] Torbutton INFO: controlPort >> 650 STREAM 1955 SUCCEEDED 393 138.201.212.227:443
[06-06 17:32:14] Torbutton INFO: controlPort >> 650 STREAM 1955 CLOSED 393 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET

Any subsequent attempts to refresh the page (including "Try Again" button) end with nothing (because circuit doesn't change).

[06-06 17:36:32] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/timeline via
                       torproject.org:a7eac59b7dfafaad4c547239cc9ef742
[06-06 17:36:32] Torbutton INFO: controlPort >> 650 STREAM 1956 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:53319 PURPOSE=USER
[06-06 17:36:32] Torbutton INFO: controlPort >> 650 STREAM 1956 SENTCONNECT 393 trac.torproject.org:443
[06-06 17:36:32] Torbutton INFO: controlPort >> 650 STREAM 1956 REMAP 393 138.201.212.227:443 SOURCE=EXIT
[06-06 17:36:32] Torbutton INFO: controlPort >> 650 STREAM 1956 SUCCEEDED 393 138.201.212.227:443
[06-06 17:36:33] Torbutton INFO: controlPort >> 650 STREAM 1956 CLOSED 393 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET

Even "New Tor Circuit for this Site" ends with nothing (because it changes the default circuit!).

[06-06 17:40:35] Torbutton INFO: New domain isolation for --unknown--: a9feb8e55bbdc3d5e6d8be2e5c473674
[06-06 17:40:35] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/timeline via
                       torproject.org:a7eac59b7dfafaad4c547239cc9ef742
[06-06 17:40:36] Torbutton INFO: controlPort >> 650 STREAM 1961 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:53328 PURPOSE=USER
[06-06 17:40:36] Torbutton INFO: controlPort >> 650 STREAM 1961 SENTCONNECT 393 trac.torproject.org:443
[06-06 17:40:36] Torbutton INFO: controlPort >> 650 STREAM 1961 REMAP 393 138.201.212.227:443 SOURCE=EXIT
[06-06 17:40:36] Torbutton INFO: controlPort >> 650 STREAM 1961 SUCCEEDED 393 138.201.212.227:443
[06-06 17:40:37] Torbutton INFO: controlPort >> 650 STREAM 1961 CLOSED 393 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET

Child Tickets

Change History (11)

comment:1 Changed 2 years ago by gk

Status: newneeds_information

I just hit the same issue but changing the circuit worked for me (tested with the 7.0 rc). I wonder why it is changing the default circuit for you. Which operating system are you on? And which Tor Browser version?

comment:2 Changed 2 years ago by cypherpunks

Maybe, because "Secure Connection Failed" page has about: address, and it has the default circuit? (Tor Browser 7.0a4)

comment:3 Changed 2 years ago by cypherpunks

Here is the way to test this reliably https://pinning-test.badssl.com/

comment:4 in reply to:  3 Changed 2 years ago by gk

Replying to cypherpunks:

Here is the way to test this reliably https://pinning-test.badssl.com/

Thanks, that's helpful. So, what is the scope of this bug then? Is it: Clicking on the "Try Again" button should change the circuit when CONNRESET is received? Or is it: "New Tor Circuit for this Site" should indeed change the circuit for it and not the catch-all one? Or is it both?

(FWIW: I think it should be the second option).

comment:5 Changed 2 years ago by cypherpunks

The main issue of this ticket is

Tor Browser connects to the same circuit even after CONNRESET received. That ends with "Secure Connection Failed" page.

Without that no error would occur.
The second issue, like in comment:3, is that

"New Tor Circuit for this Site" should indeed change the circuit for it and not the catch-all one

(it has no relevance to CONNRESET)

comment:6 in reply to:  5 ; Changed 2 years ago by gk

Replying to cypherpunks:

The main issue of this ticket is

Tor Browser connects to the same circuit even after CONNRESET received. That ends with "Secure Connection Failed" page.

Without that no error would occur.

So what should happen under the hood? Tor Browser should be smart enough to use a new circuit automatically when CONNRESET is received?

The second issue, like in comment:3, is that

"New Tor Circuit for this Site" should indeed change the circuit for it and not the catch-all one

(it has no relevance to CONNRESET)

Then let's track it in a different bug: #22538.

comment:7 in reply to:  6 Changed 2 years ago by cypherpunks

Replying to gk:

Replying to cypherpunks:

The main issue of this ticket is

Tor Browser connects to the same circuit even after CONNRESET received. That ends with "Secure Connection Failed" page.

Without that no error would occur.

So what should happen under the hood?

Something that allows to continue browsing the site.

Tor Browser should be smart enough to use a new circuit automatically when CONNRESET is received?

Are other options available?
Without new circuit any request ends with CONNRESET, even in a new tab, making website inaccessible.

The second issue, like in comment:3, is that

"New Tor Circuit for this Site" should indeed change the circuit for it and not the catch-all one

(it has no relevance to CONNRESET)

Then let's track it in a different bug: #22538.

No problem.

comment:8 Changed 20 months ago by cypherpunks

Keywords: tbb-usability-website added; tbb-usability removed
Status: needs_informationnew

comment:9 Changed 14 months ago by cypherpunks

comment:10 Changed 7 weeks ago by gk

Keywords: TorBrowserTeam201904 added

Fixed with patch for #22538.

comment:11 Changed 7 weeks ago by gk

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.