Hi,
What is the easiest/fastest way to figure out which cipher suites old versions of the tor firefox client exported during the client hello.
On Tue, Jun 07, 2016 at 11:21:25AM -0700, Ben Mixon-Baca wrote:
What is the easiest/fastest way to figure out which cipher suites old versions of the tor firefox client exported during the client hello.
You can download old versions here: https://archive.torproject.org/tor-package-archive/torbrowser/ You can capture traffic with tcpdump and then dissect the client hello with: tshark -V -2 -R ssl.handshake.ciphersuites -r file.pcap
Here is the tor source file that shows what ciphers the client tries to use. I suppose that the actual list may vary depending on what OpenSSL has available, etc. https://gitweb.torproject.org/tor.git/tree/src/common/ciphers.inc The file hasn't changed since 2014: https://gitweb.torproject.org/tor.git/log/src/common/ciphers.inc
Here's an old ticket having to do with DPI on the ciphersuite list: https://bugs.torproject.org/4744 "GFW probes based on Tor's SSL cipher list"