On Tue, Aug 14, 2012 at 05:13:56PM +0200, tor-admin wrote:
My understanding of bridge detection was, that Chinas GFW is able to detect the Tor SSL handshake and does active bridge probing after a successful connection to a (for the GFW) unknown bridge IP. So they should be able to block any bridge publish or unpublished very quickly, if someone from behind the GFW connects to a bridge. Am I missing something?
We haven't made a big fuss about it, but Tor 0.2.3.17-beta uses a new ciphersuite in the ssl client hello, and I believe China's current DPI doesn't notice it.
https://lists.torproject.org/pipermail/tor-talk/2012-June/024511.html
The extra-fun part is that if a Tor 0.2.2 client connects to the bridge, it triggers the probing you describe (and thus the blocking). But if only Tor 0.2.3.17+ clients connect, no probing (and thus no blocking).
Obfsproxy's obfs2 protocol is way better at not getting blocked currently; but I'm holding out for an obfs3 release, with a new protocol that's harder to DPI for, before we push for a big rollout there.
--Roger