[tbb-dev] Determining cipher suites

David Fifield david at bamsoftware.com
Mon Jun 27 20:52:45 UTC 2016

On Tue, Jun 07, 2016 at 11:21:25AM -0700, Ben Mixon-Baca wrote:
> What is the easiest/fastest way to figure out which cipher suites old
> versions of the tor firefox client exported during the client hello.

You can download old versions here:
You can capture traffic with tcpdump and then dissect the client hello
	tshark -V -2 -R ssl.handshake.ciphersuites -r file.pcap

Here is the tor source file that shows what ciphers the client tries to
use. I suppose that the actual list may vary depending on what OpenSSL
has available, etc.
The file hasn't changed since 2014:

Here's an old ticket having to do with DPI on the ciphersuite list:
	https://bugs.torproject.org/4744 "GFW probes based on Tor's SSL cipher list"

More information about the tbb-dev mailing list