[tor-bugs] #4744 [Tor Bridge]: GFW probes based on Tor's SSL cipher list

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Mar 13 02:50:35 UTC 2012 

#4744: GFW probes based on Tor's SSL cipher list
--------------------------------+-------------------------------------------
 Reporter:  asn                 |          Owner:  nickm             
     Type:  defect              |         Status:  needs_revision    
 Priority:  major               |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Bridge          |        Version:                    
 Keywords:  tls fingerprinting  |         Parent:  #4185             
   Points:                      |   Actualpoints:                    
--------------------------------+-------------------------------------------

Comment(by hellais):

 Replying to [comment:15 nickm]:
 > Looks like the only commit we'd want from this is
 863442ff2edaed726590eb2a9e2aa58aa64f6247 ; the rest is all old tor2web
 junk.
 >
 > Hellais, please reset your master to point at origin/master if you
 haven't done so already.
 >

 Ok will do.

 > Other stuff:
 >   * Were these files made, like the existing ciphers.inc, using the perl
 script and the firefox/chrome source?  Or did you make them by hand?  If
 the latter, have you checked them for accuracy via sniffing or something?

 It was generated with a python script by sniffing the accepted cipher list
 of Google Chrome 17.0.963.56  and Firefox 8.

 >   * Makefile.am will need to mention the new files, so they get
 distributed.

 Ok.

 >   * The patch should probably remove ciphers.inc as unused.

 I was thinking that probably there isn't a lot of benefit of being able to
 compile your Tor with a different set of ciphers to use and maybe it could
 be best to simply replace ciphers.inc with the FF ciphers.
 The goal of this is to avoid Tor being distiguishable based on the ciphers
 it advertises, maybe we should just keep our cipher set up to date with
 what is the current mainstream browser.

 This process of "updating" the cipher suite should be automatized and read
 it from the FF or Chrome source code.

 What do you think?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4744#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list