[tbb-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 6 04:32:16 UTC 2019 

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--------------------------------------+--------------------------
 Reporter:  dcf                       |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  meek utls                 |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by dcf):

 Replying to [comment:7 dcf]:
 > Heads up, upstream utls fixed a distinguishability bug recently. A
 second ClientHello (which the client sends after the server sends a
 HelloRetryRequest) was not being camouflaged correctly. I confirmed that
 the bug existed with HelloChrome_70 against ajax.aspnetcdn.com, but I
 haven't personally tested yet that the fix actually fixes it. When I do,
 I'll update the branch.
 > https://github.com/refraction-networking/utls/pull/21

 Here's an updated branch with the aforementioned uTLS fix. It also
 requires a patch, attachment:tor-launcher-Make-uTLS-
 aware.helloretry.patch, that makes tor-launcher pass the `utls=` SOCKS arg
 (applies on top of comment:4:ticket:29627).

  * [https://gitweb.torproject.org/user/dcf/tor-browser-build.git/log/?h
 =meek-client-utls_2&id=b8a752802f177abf38f61c0b55c5325556986a3e new
 commits]
  * [https://gitweb.torproject.org/user/dcf/tor-browser-build.git/diff/?h
 =meek-client-
 utls_2&id=b8a752802f177abf38f61c0b55c5325556986a3e&id2=616fbe2c19a9fce7a9d0adbc466b259c18c45fb8
 diff] since comment:1

 Here is a packet capture: attachment:torbrowser-utls-helloretry.pcap.gz.
 And below are the fingerprints. The first one looks like Chrome, as
 expected. The second one (sent in response to HelloRetryRequest) seems to
 be very uncommon, but possibly I am misinterpreting the results. I've
 asked Sergey to look at it.
  * [https://tlsfingerprint.io/id/bc4c7e42f4961cd7 bc4c7e42f4961cd7]
 [https://web.archive.org/web/20190306042947/https://tlsfingerprint.io/id/bc4c7e42f4961cd7
 (archive)] rank 11
  * [https://tlsfingerprint.io/id/6f8a8a4b42dd552d 6f8a8a4b42dd552d]
 [https://web.archive.org/web/20190306043034/https://tlsfingerprint.io/id/6f8a8a4b42dd552d
 (archive)] rank 13911
  * [https://tlsfingerprint.io/compare/bc4c7e42f4961cd7/6f8a8a4b42dd552d
 comparison]

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29430#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list