Iran (#7141, #8443)

Summary of the current situation

DISCLAIMER: The following is a hypothesis and needs further testing and verification (#7141)! The ISP "Pars Online" seems to be blocking Tor. Apparently, DPI boxes are extracting the domain in the server_hello extension in the TLS client hello. If the domain resolves successfully and the remote machine is listening on port 443, the TLS client hello seems to pass. Apparently, omitting the server_hello extension or setting it to evades the filters.

In addition, some DPI boxes are deployed which fingerprint information in the TLS client key exchange and silently drop the segment if found.

First witnessed

The Pars Online might have begun at the beginning of October 2012. The first reports about the TLS client key exchange drop also appeared at the beginning of October 2012.

Last witnessed

It looks like both blocks are still ongoing. The Pars Online block might however not be targeting Tor in particular. Also, it might not be limited to Pars Online.

Tor censorship

Types of non-Tor censorship

Ways to bypass censorship

  • Some users have reported that obfsproxy works as of May 2013, this may no longer be the case.

Type of firewall


Reproducing the blocking


Information source:

Last modified 4 years ago Last modified on Jan 22, 2015, 11:46:03 PM