[tbb-dev] Determining cipher suites

David Fifield david at bamsoftware.com
Mon Jun 27 20:52:45 UTC 2016


On Tue, Jun 07, 2016 at 11:21:25AM -0700, Ben Mixon-Baca wrote:
> What is the easiest/fastest way to figure out which cipher suites old
> versions of the tor firefox client exported during the client hello?

You can download old versions here:
	https://archive.torproject.org/tor-package-archive/torbrowser/
You can capture traffic with tcpdump and then dissect the client hello
with:
	tshark -V -2 -R ssl.handshake.ciphersuites -r file.pcap

Here is the tor source file that shows what ciphers the client tries to
use. I suppose that the actual list may vary depending on what OpenSSL
has available, etc.
	https://gitweb.torproject.org/tor.git/tree/src/common/ciphers.inc
The file hasn't changed since 2014:
	https://gitweb.torproject.org/tor.git/log/src/common/ciphers.inc

Here's an old ticket having to do with DPI on the ciphersuite list:
	https://bugs.torproject.org/4744 "GFW probes based on Tor's SSL cipher list"
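
Added example (not part of the original message, and not code from tor or tshark): a minimal Python parser that pulls the ordered cipher suite list out of a ClientHello record, the same field the tshark filter above displays. The function names are hypothetical, and the sample record and its suite list are constructed for illustration, not taken from any Tor Browser release.

```python
import struct

# A few code points from the IANA TLS Cipher Suites registry, enough to
# label the constructed sample below; anything else prints as "unknown".
SUITE_NAMES = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

def client_hello_suites(record):
    """Return the offered cipher suites, in wire order, from one TLS record
    holding a complete ClientHello (assumption: no record fragmentation)."""
    try:
        ctype, _version, rlen = struct.unpack("!BHH", record[:5])
        body = record[5:5 + rlen]
        if ctype != 0x16 or len(body) != rlen or body[0] != 0x01:
            raise ValueError("not a complete ClientHello handshake record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                       # skip client_version and random
        pos += 1 + hello[pos]              # skip session_id
        (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
        raw = hello[pos + 2:pos + 2 + cs_len]
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ClientHello") from exc
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]

def sample_record(suites):
    """Build a constructed (not captured) ClientHello record for the demo."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    # client_version, zeroed random, empty session_id, suites, null compression
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    rec = sample_record([0xC02B, 0xC02F, 0x0033, 0x002F, 0x00FF])
    for code in client_hello_suites(rec):
        print(f"0x{code:04X} {SUITE_NAMES.get(code, 'unknown')}")
```

The parser keeps the list in wire order, so the output for two client versions can be compared line by line.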

