[tor-bugs] #4744 [Tor Bridge]: GFW probes based on Tor's SSL cipher list

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Feb 13 13:03:51 UTC 2012


#4744: GFW probes based on Tor's SSL cipher list
--------------------------------+-------------------------------------------
 Reporter:  asn                 |          Owner:  nickm             
     Type:  defect              |         Status:  accepted          
 Priority:  major               |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Bridge          |        Version:                    
 Keywords:  tls fingerprinting  |         Parent:  #4185             
   Points:                      |   Actualpoints:                    
--------------------------------+-------------------------------------------

Comment(by .phw):

 Replying to [comment:10 nickm]:
 > Do we have a cipher list from recent IE?
 http://blogs.technet.com/b/steriley/archive/2007/11/06/changing-the-ssl-
 cipher-order-in-internet-explorer-7-on-windows-vista.aspx purports to have
 one, but it doesn't look authoritative.
 >
 > If that list is accurate, then unfortunately,it doesn't include the one
 we actually want, TLS_DHE_RSA_WITH_AES_128_SHA.  (It doesn't have any
 DHE+RSA ciphers, as near as I can tell.)  It'd be nice to support
 something properly fast, like TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256, but
 that'd require server upgrading.

 I just looked at the cipher list used by IE 9. Maybe somebody can
 reproduce the results.
 http://pastebin.com/Hr1YFppk
 Unfortunately, it also lacks DHE+RSA ciphers.

 This, on the other hand, is the cipher list used by the current Google
 chrome (on Windows 7):
 http://pastebin.com/7i2MD5Bm
 It contains TLS_DHE_RSA_WITH_AES_128_CBC_SHA.

 According to statcounter, Chrome is still far behind in China but at least
 it seems to be catching up: http://gs.statcounter.com/#browser-CN-
 monthly-201101-201201

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4744#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list