[tor-bugs] #4744 [Tor Bridge]: GFW probes based on Tor's SSL cipher list (?)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Dec 19 14:22:03 UTC 2011

#4744: GFW probes based on Tor's SSL cipher list (?)
 Reporter:  asn         |          Owner:       
     Type:  defect      |         Status:  new  
 Priority:  blocker     |      Milestone:       
Component:  Tor Bridge  |        Version:       
 Keywords:              |         Parent:  #4185
   Points:              |   Actualpoints:       
 Tim's tests show that GFW is probing v2/v3 bridges based on the Tor cipher
 list. Tor is using 28 static ciphers (`src/common/ciphers.inc`) for the
 SSL ClientHello of the v2/v3 link handshakes, and GFW seems to get
 agitated by them.

 The question mark in the ticket title reflects the fact that this is not
 100% verified, even though Tim dodged probing by simply removing two
 ciphersuites from `ciphers.inc` [0], when the same ClientHello, but with
 full `ciphers.inc`, was always getting probed (IIRC).

 Tim said he is gonna look into this soon-ish, so that the question mark
 can be removed from the title.

 In any case, this ticket is to find a good tactic to remove this static
 fingerprint from Tor's SSL handshake. My patch in [0] might do it, but it
 doesn't seem very future-proof.

 We should probably see what Firefox does, and hope that it doesn't
 interfere with v2 signalling.

 diff --git a/src/common/ciphers.inc b/src/common/ciphers.inc
 index c84620d..99ec494 100644
 --- a/src/common/ciphers.inc
 +++ b/src/common/ciphers.inc
 @@ -111,16 +111,6 @@
 -#ifdef SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA
 -    CIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
 -#ifdef SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA
 -    CIPHER(0x0013, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA)
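
Review bot: the two removed `#ifdef` openers for SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA (0x0016) and SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA (0x0013) appear here without any matching `#else`/`#endif` lines, although the hunk header (`-111,16 +111,6`) says ten lines are removed; please confirm the full patch deletes each conditional block completely, so that ciphers.inc still preprocesses cleanly. It would also help to leave a short comment at this spot in ciphers.inc saying why these two suites are omitted, because the remaining entries are still a fixed list and the next reader will otherwise not know the omission is deliberate.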

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4744>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
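
An added illustration (not part of the ticket or of Tor's code) of why a fixed ClientHello cipher list works as a fingerprint, and how to check what list a build actually sends: it parses the cipher suite vector out of a ClientHello record and hashes the ordered list. The suite list and the record builder are constructed samples; only the IDs 0x0016 and 0x0013 come from the diff above.

```python
import hashlib
import os
import struct

# Constructed sample list: NOT the contents of ciphers.inc. It only includes
# the two suite IDs from the ticket's diff (0x0016, 0x0013) plus a few others.
SAMPLE_SUITES = [0x0039, 0x0035, 0x0016, 0x0013, 0x000A, 0x0033, 0x002F]
REMOVED_IN_DIFF = {0x0016, 0x0013}

def build_client_hello(suites, random=None):
    """Build a minimal TLS 1.0 ClientHello record (no extensions) for testing."""
    random = random if random is not None else os.urandom(32)
    body = b"\x03\x01" + random + b"\x00"          # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                            # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_cipher_suites(record):
    """Return the ordered cipher suite IDs offered in a ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                           # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                         # skip session id
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher suite vector")
    (cs_len,) = struct.unpack("!H", record[pos:pos + 2])
    pos += 2
    if cs_len % 2 or pos + cs_len > len(record):
        raise ValueError("malformed cipher suite vector")
    return [struct.unpack("!H", record[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]

def list_fingerprint(suites):
    """Hash the ordered list: every client sending this exact list gets the same value."""
    return hashlib.sha256(",".join(f"{s:04x}" for s in suites).encode()).hexdigest()[:16]

if __name__ == "__main__":
    trimmed = [s for s in SAMPLE_SUITES if s not in REMOVED_IN_DIFF]
    for label, suites in (("full", SAMPLE_SUITES), ("trimmed", trimmed)):
        # Two handshakes with different randoms still hash to the same value.
        a = list_fingerprint(parse_cipher_suites(build_client_hello(suites)))
        b = list_fingerprint(parse_cipher_suites(build_client_hello(suites)))
        print(label, a, a == b)
```

Dropping the two suites changes the hash, but the trimmed list is just as stable across connections as the full one, which is the "not very future-proof" concern raised in the ticket.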