[tor-bugs] #4744 [Tor Bridge]: GFW probes based on Tor's SSL cipher list (?)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Dec 23 11:57:36 UTC 2011


#4744: GFW probes based on Tor's SSL cipher list (?)
------------------------+---------------------------------------------------
 Reporter:  asn         |          Owner:       
     Type:  defect      |         Status:  new  
 Priority:  blocker     |      Milestone:       
Component:  Tor Bridge  |        Version:       
 Keywords:              |         Parent:  #4185
   Points:              |   Actualpoints:       
------------------------+---------------------------------------------------

Comment(by asn):

 Firefox 8.0, in my environment, seems to send the following cipher suites
 in ClientHello:
 {{{
 TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
 TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
 TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
 TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
 TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
 TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
 TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
 TLS_RSA_WITH_RC4_128_MD5 (0x0004)
 TLS_RSA_WITH_RC4_128_SHA (0x0005)
 TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
 }}}

 which seem to be the ciphers enabled by default in about:config (in the
 `security.ssl3` area), plus the RI ciphersuite (0x00ff).

 The current Firefox defaults can be found in:
 https://mxr.mozilla.org/mozilla-central/source/netwerk/base/public/security-prefs.js
 (and https://hg.mozilla.org/mozilla-central/filelog/c5b90ea7e475/netwerk/base/public/security-prefs.js)

 and some relevant code is:
 https://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsNSSComponent.cpp#1790
 and https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/ssl3con.c#4008

 The problem with copy-pasting Firefox's cipher list is that we might run
 into problems when Firefox changes its cipher list, as happened with the
 SSL DH modulus. Still, I'm not sure if randomization is a better solution
 either. It will complicate the implementation (since we will still need to
 always have a strong PFS ciphersuite in the "randomized" cipher list), and
 I'm not sure if it will help in the long run (China might whitelist cipher
 lists, or it might start detecting clients connecting to SSL services that
 always have a different cipher list).

 I would go with copy-pasting Firefox's cipher list and monitoring the
 `security-prefs.js` file for changes.

 Thoughts?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4744#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
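One way a bridge operator can check whether a captured ClientHello carries exactly the Firefox 8.0 suite list quoted in the comment above, in the same order: this is an added example, not code from the ticket or from Tor. The suite IDs are the ones listed in the comment; the ClientHello builder and parser are minimal constructions that assume a plain TLS 1.0 record with no extensions, and all function names are mine.

```python
import struct

# Cipher suite IDs Firefox 8.0 sends in ClientHello, in the order quoted in the ticket.
FIREFOX_8_SUITES = [
    0x00ff, 0xc00a, 0xc014, 0x0088, 0x0087, 0x0038, 0xc00f, 0xc005, 0x0084,
    0x0035, 0x0039, 0xc007, 0xc009, 0xc011, 0xc013, 0x0045, 0x0044, 0x0033,
    0x0032, 0xc00c, 0xc00e, 0xc002, 0xc004, 0x0096, 0x0041, 0x0004, 0x0005,
    0x002f, 0xc008, 0xc012, 0x0016, 0x0013, 0xc00d, 0xc003, 0xfeff, 0x000a,
]

def build_client_hello(suites, session_id=b""):
    """Wrap a suite list in a minimal TLS 1.0 ClientHello record (constructed sample, no extensions)."""
    body = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id  # version, random, session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake

def parse_cipher_suites(record):
    """Return the cipher suite IDs of a ClientHello record, in wire order."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]  # skip the 5-byte record header
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32  # handshake header, client_version, random
    pos += 1 + hs[pos]  # session_id length byte plus the session id itself
    n = struct.unpack("!H", hs[pos:pos + 2])[0]  # byte length of the cipher_suites vector
    pos += 2
    return [struct.unpack("!H", hs[pos + i:pos + i + 2])[0] for i in range(0, n, 2)]

def compare_to_firefox(suites):
    """Say whether a suite list is indistinguishable from Firefox 8's, and how it differs if not."""
    return {
        "matches": suites == FIREFOX_8_SUITES,
        "missing": [s for s in FIREFOX_8_SUITES if s not in suites],
        "extra": [s for s in suites if s not in FIREFOX_8_SUITES],
        "reordered": sorted(suites) == sorted(FIREFOX_8_SUITES) and suites != FIREFOX_8_SUITES,
    }

if __name__ == "__main__":
    # Constructed sample: a ClientHello whose list drops the SEED suite.
    hello = build_client_hello([s for s in FIREFOX_8_SUITES if s != 0x0096])
    report = compare_to_firefox(parse_cipher_suites(hello))
    print(report["matches"], [hex(s) for s in report["missing"]])  # False ['0x96']
```

A list with the same members in a different order is reported as reordered rather than matching, since the order is part of what a handshake-matching probe can compare.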
