Opened 15 months ago

Last modified 5 months ago

#22513 new defect

Tor Browser connects to the same circuit even after CONNRESET received

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-usability-website
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tor Browser connects to the same circuit even after CONNRESET received. That ends with "Secure Connection Failed" page.

[06-06 17:32:12] Torbutton INFO: controlPort >> 650 STREAM 1954 REMAP 393 138.201.212.227:443 SOURCE=EXIT
[06-06 17:32:12] Torbutton INFO: controlPort >> 650 STREAM 1954 SUCCEEDED 393 138.201.212.227:443
[06-06 17:32:12] Torbutton INFO: controlPort >> 650 STREAM 1954 CLOSED 393 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
Use of getPreventDefault() is deprecated.  Use defaultPrevented instead.  jquery.js:3:7052
[06-06 17:32:13] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/timeline via
                       torproject.org:a7eac59b7dfafaad4c547239cc9ef742
[06-06 17:32:13] Torbutton INFO: controlPort >> 650 STREAM 1955 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:53314 PURPOSE=USER
[06-06 17:32:13] Torbutton INFO: controlPort >> 650 STREAM 1955 SENTCONNECT 393 trac.torproject.org:443
[06-06 17:32:14] Torbutton INFO: controlPort >> 650 STREAM 1955 REMAP 393 138.201.212.227:443 SOURCE=EXIT
[06-06 17:32:14] Torbutton INFO: controlPort >> 650 STREAM 1955 SUCCEEDED 393 138.201.212.227:443
[06-06 17:32:14] Torbutton INFO: controlPort >> 650 STREAM 1955 CLOSED 393 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET

Any subsequent attempts to refresh the page (including "Try Again" button) end with nothing (because circuit doesn't change).

[06-06 17:36:32] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/timeline via
                       torproject.org:a7eac59b7dfafaad4c547239cc9ef742
[06-06 17:36:32] Torbutton INFO: controlPort >> 650 STREAM 1956 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:53319 PURPOSE=USER
[06-06 17:36:32] Torbutton INFO: controlPort >> 650 STREAM 1956 SENTCONNECT 393 trac.torproject.org:443
[06-06 17:36:32] Torbutton INFO: controlPort >> 650 STREAM 1956 REMAP 393 138.201.212.227:443 SOURCE=EXIT
[06-06 17:36:32] Torbutton INFO: controlPort >> 650 STREAM 1956 SUCCEEDED 393 138.201.212.227:443
[06-06 17:36:33] Torbutton INFO: controlPort >> 650 STREAM 1956 CLOSED 393 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET

Even "New Tor Circuit for this Site" ends with nothing (because it changes the default circuit!).

[06-06 17:40:35] Torbutton INFO: New domain isolation for --unknown--: a9feb8e55bbdc3d5e6d8be2e5c473674
[06-06 17:40:35] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/timeline via
                       torproject.org:a7eac59b7dfafaad4c547239cc9ef742
[06-06 17:40:36] Torbutton INFO: controlPort >> 650 STREAM 1961 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:53328 PURPOSE=USER
[06-06 17:40:36] Torbutton INFO: controlPort >> 650 STREAM 1961 SENTCONNECT 393 trac.torproject.org:443
[06-06 17:40:36] Torbutton INFO: controlPort >> 650 STREAM 1961 REMAP 393 138.201.212.227:443 SOURCE=EXIT
[06-06 17:40:36] Torbutton INFO: controlPort >> 650 STREAM 1961 SUCCEEDED 393 138.201.212.227:443
[06-06 17:40:37] Torbutton INFO: controlPort >> 650 STREAM 1961 CLOSED 393 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET

Child Tickets

Change History (9)

comment:1 Changed 15 months ago by gk

Status: newneeds_information

I just hit the same issue but changing the circuit worked for me (tested with the 7.0 rc). I wonder why it is changing the default circuit for you. Which operating system are you on? And which Tor Browser version?

comment:2 Changed 15 months ago by cypherpunks

Maybe, because "Secure Connection Failed" page has about: address, and it has the default circuit? (Tor Browser 7.0a4)

comment:3 Changed 15 months ago by cypherpunks

Here is the way to test this reliably https://pinning-test.badssl.com/

comment:4 in reply to:  3 Changed 15 months ago by gk

Replying to cypherpunks:

Here is the way to test this reliably https://pinning-test.badssl.com/

Thanks, that's helpful. So, what is the scope of this bug then? Is it: Clicking on the "Try Again" button should change the circuit when CONNRESET is received? Or is it: "New Tor Circuit for this Site" should indeed change the circuit for it and not the catch-all one? Or is it both?

(FWIW: I think it should be the second option).

comment:5 Changed 15 months ago by cypherpunks

The main issue of this ticket is

Tor Browser connects to the same circuit even after CONNRESET received. That ends with "Secure Connection Failed" page.

Without that no error would occur.
The second issue, like in comment:3, is that

"New Tor Circuit for this Site" should indeed change the circuit for it and not the catch-all one

(it has no relevance to CONNRESET)

comment:6 in reply to:  5 ; Changed 15 months ago by gk

Replying to cypherpunks:

The main issue of this ticket is

Tor Browser connects to the same circuit even after CONNRESET received. That ends with "Secure Connection Failed" page.

Without that no error would occur.

So what should happen under the hood? Tor Browser should be smart enough to use a new circuit automatically when CONNRESET is received?

The second issue, like in comment:3, is that

"New Tor Circuit for this Site" should indeed change the circuit for it and not the catch-all one

(it has no relevance to CONNRESET)

Then let's track it in a different bug: #22538.

comment:7 in reply to:  6 Changed 15 months ago by cypherpunks

Replying to gk:

Replying to cypherpunks:

The main issue of this ticket is

Tor Browser connects to the same circuit even after CONNRESET received. That ends with "Secure Connection Failed" page.

Without that no error would occur.

So what should happen under the hood?

Something that allows to continue browsing the site.

Tor Browser should be smart enough to use a new circuit automatically when CONNRESET is received?

Are other options available?
Without new circuit any request ends with CONNRESET, even in a new tab, making website inaccessible.

The second issue, like in comment:3, is that

"New Tor Circuit for this Site" should indeed change the circuit for it and not the catch-all one

(it has no relevance to CONNRESET)

Then let's track it in a different bug: #22538.

No problem.

comment:8 Changed 11 months ago by cypherpunks

Keywords: tbb-usability-website added; tbb-usability removed
Status: needs_informationnew

comment:9 Changed 5 months ago by cypherpunks

Note: See TracTickets for help on using tickets.