[tbb-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Feb 7 23:17:13 UTC 2019

#29430: Use uTLS for meek TLS camouflage in Tor Browser
     Reporter:  dcf                       |      Owner:  tbb-team
         Type:  enhancement               |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  meek utls
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
 Now that meek and meek_lite have or will soon have support for TLS
 camouflage using uTLS (#29077), we have the option of using that instead
 of the meek-http-helper headless Firefox extension.

 The torrc line:
 ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client
 will lose the meek-client-torbrowser to become just
 ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-

 In bridge_prefs.js, the bridge line will get an additional `utls`
 meek 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com

 There's the option of continuing to use the same meek repo as we do now;
 or of removing that code and using obfs4proxy instead, since they both
 have uTLS support. Using obfs4proxy will have the advantage of smaller
 packaging, because there will be one binary instead of two.

 There's one more complication, which is tor-launcher and Moat. tor-
 launcher has its own meek configuration separate from Tor Browser's. It
 gets the path to the meek-client executable [https://gitweb.torproject.org
 settings.js?h=0.2.18#n539 from the control port] (ultimately from torrc-
 defaults), but it has [https://gitweb.torproject.org/tor-
 launcher.git/tree/src/defaults/preferences/prefs.js?h=0.2.18#n48 its own
 version] of the `url=` and `front=` parameters, and it
 bridgedb.jsm?h=0.2.18#n211 passes those to the executable] to the
 executable as `-url` and `-front` command line arguments, not as SOCKS
 args. meek-client with uTLS has a `-utls` command line arg, so that's easy
 to adapt; but since obfs4proxy doesn't understand those command line args,
 either obfs4proxy would have to add them, or tor-launcher would have to
 start passing them as SOCKS args.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29430>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
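
The ticket's last paragraph contrasts passing `-url` and `-front` as command-line arguments with passing them as SOCKS args. The sketch below is an added example, not tor-launcher, meek or obfs4proxy code: it builds both forms from the same parameters, using the escaping and SOCKS5 username/password split described in the pluggable transport specification (pt-spec). All function names are hypothetical, and the `utls` value is a constructed placeholder.

```javascript
// url and front come from the ticket's bridge line; utls is a constructed placeholder.
const BRIDGE_PARAMS = {
  url: "https://meek.azureedge.net/",
  front: "ajax.aspnetcdn.com",
  utls: "PLACEHOLDER_FINGERPRINT",
};

// Command-line form described in the ticket: -url, -front and -utls.
function toCliArgs(params) {
  return Object.entries(params).flatMap(([k, v]) => ["-" + k, v]);
}

// pt-spec escaping: backslash, '=' and ';' each get a leading backslash.
function escapeArg(s) {
  return s.replace(/[\\=;]/g, (c) => "\\" + c);
}

function encodeSocksArgs(params) {
  return Object.entries(params)
    .map(([k, v]) => escapeArg(k) + "=" + escapeArg(v))
    .join(";");
}

// RFC 1929 fields hold at most 255 bytes each; lists that fit use UNAME plus a NUL PASSWD.
function toSocks5Auth(params) {
  const bytes = Buffer.from(encodeSocksArgs(params), "utf8");
  if (bytes.length > 510) throw new RangeError("SOCKS args exceed 510 bytes");
  if (bytes.length <= 255) return { uname: bytes, passwd: Buffer.from([0]) };
  return { uname: bytes.subarray(0, 255), passwd: bytes.subarray(255) };
}

// Receiving side: split on unescaped ';' and the first unescaped '='.
function decodeSocksArgs(encoded) {
  const out = {};
  let key = null, cur = "";
  for (let i = 0; i <= encoded.length; i++) {
    const c = encoded[i];
    if (c === "\\") {
      if (++i >= encoded.length) throw new SyntaxError("dangling backslash");
      cur += encoded[i];
    } else if (c === "=" && key === null) {
      key = cur; cur = "";
    } else if (c === ";" || c === undefined) {
      if (key === null) throw new SyntaxError("missing '=' in argument");
      out[key] = cur; key = null; cur = "";
    } else cur += c;
  }
  return out;
}
```

A URL containing `=` or `;` passes through the command-line form unchanged but must be escaped in the SOCKS form, which is the difference a launcher has to account for when switching between the two.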
