GFW probes based on Tor's SSL cipher list
|Reported by:||asn||Owned by:||nickm|
|Severity:||Keywords:||tls fingerprinting tor-bridge|
|Cc:||asn, runa, rransom, nickm, twilde, phobos, ln5||Actual Points:|
Tim's tests show that GFW is probing v2/v3 bridges based on the Tor cipher list. Tor is using 28 static ciphers (src/common/ciphers.inc) for the SSL ClientHello of the v2/v3 link handshakes, and GFW seems to get agitated by them.
The question mark in the ticket title reflects the fact that this is not 100% verified, even though Tim dodged probing by simply removing two ciphersuites from ciphers.inc , when the same ClientHello, but with full ciphers.inc, was always getting probed (IIRC).
Tim said he is gonna look into this soon-ish, so that the question mark can be removed from the title.
In any case, this ticket is to find a good tactic to remove this static fingerprint from Tor's SSL handshake. My patch in  might do it, but it doesn't seem very future-proof.
We should probably see what Firefox does, and hope that it doesn't interfere with v2 signalling.
diff --git a/src/common/ciphers.inc b/src/common/ciphers.inc index c84620d..99ec494 100644 --- a/src/common/ciphers.inc +++ b/src/common/ciphers.inc @@ -111,16 +111,6 @@ #else XCIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) #endif -#ifdef SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA - CIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) -#else - XCIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) -#endif -#ifdef SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA - CIPHER(0x0013, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA) -#else - XCIPHER(0x0013, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA) -#endif #ifdef TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA CIPHER(0xc00d, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA) #else
Change History (37)
comment:3 follow-ups: ↓ 6 ↓ 8 Changed 5 years ago by nickm
- Milestone set to Tor: 0.2.3.x-final
- Owner set to nickm
- Priority changed from blocker to major
- Status changed from new to accepted
comment:9 Changed 5 years ago by phw
- Summary changed from GFW probes based on Tor's SSL cipher list (?) to GFW probes based on Tor's SSL cipher list
comment:15 follow-up: ↓ 16 Changed 5 years ago by nickm
- Status changed from needs_review to needs_revision
Changed 5 years ago by hellais
comment:33 Changed 5 years ago by nickm
- Resolution set to implemented
- Status changed from needs_review to closed