[tor-bugs] #6140 [Tor Bridge]: Kazakhstan uses DPI to block Tor
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Jun 13 12:20:39 UTC 2012
#6140: Kazakhstan uses DPI to block Tor
------------------------+---------------------------------------------------
Reporter: runa | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: Tor Bridge | Version:
Keywords: dpi | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Two blog posts published in the beginning of March talks about Kazakhstan
using DPI to block Tor. The posts say that Kazakhstan is identifying and
blocking the SSL client key exchange during the setup of an SSL
connection. It seems the Kazakhstan firewall finds something unique in the
TLS "Server Hello" message as sent by the Tor relay or bridge and
therefore blocks subsequent communications. IP address and TCP port are
irrelevant to the censorship.
From #6045 (where we discuss Ethiopia blocking Tor based on ServerHello),
we know that:
* The normal Tor Browser Bundle with a special bridge works; the bridge
with the patch that causes the final hello done TLS record to be sent in a
separate packet.
* The three bridges in https://blog.torproject.org/blog/update-
censorship-ethiopia are also working in Kazakhstan. These are bridges with
a patch that removes 0x0039 from SERVER_CIPHER_LIST.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6140>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list