[tor-bugs] #4744 [Tor Bridge]: GFW probes based on Tor's SSL cipher list (was: GFW probes based on Tor's SSL cipher list (?))
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Feb 8 12:19:22 UTC 2012
#4744: GFW probes based on Tor's SSL cipher list
--------------------------------+-------------------------------------------
Reporter: asn | Owner: nickm
Type: defect | Status: accepted
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor Bridge | Version:
Keywords: tls fingerprinting | Parent: #4185
Points: | Actualpoints:
--------------------------------+-------------------------------------------
Comment(by phw):
I can confirm that it is the cipher list, the chinese DPI boxes are
looking for. I did some testing and was able to consistently trigger
scanning by setting all fields in the TLS Client Hello to 0-bytes except
the cipher list.
Also, since the goal of the cipher list change is to render Tor
recognition in China useless, I would suggest to adapt the cipher list to
something which is very common in China (and, if possible, in the rest of
the world too). According to some quick Google search, IE is much more
used than Chrome and Firefox in China.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4744#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list