[tor-bugs] #12766 [meek]: Disable TLSv1.1 and TLSv1.2 in the Firefox helper

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Aug 16 01:14:23 UTC 2014


#12766: Disable TLSv1.1 and TLSv1.2 in the Firefox helper
------------------------+----------------------------------
     Reporter:  dcf     |      Owner:  dcf
         Type:  defect  |     Status:  needs_review
     Priority:  normal  |  Milestone:
    Component:  meek    |    Version:
   Resolution:          |   Keywords:  TorBrowserTeam201408
Actual Points:          |  Parent ID:
       Points:          |
------------------------+----------------------------------
Changes (by dcf):

 * keywords:   => TorBrowserTeam201408
 * status:  new => needs_review


Comment:

 attachment:0001-Set-security.tls.version.max-1-in-meek-http-helper.patch
 disables TLSv1.1 and TLSv1.2 in the helper, by setting
 [http://kb.mozillazine.org/Security.tls.version.*
 security.tls.version.max=1].

 Before the patch (i.e., the status quo with 4.0-alpha-1), the TLS
 fingerprint stands out from ordinary Firefox 24 in the TLS version and in
 an extra extension:
 {{{
      SSL Record Layer: Handshake Protocol: Client Hello
          Content Type: Handshake (22)
          Version: TLS 1.0 (0x0301)
 -        Length: 169
 +        Length: 191
          Handshake Protocol: Client Hello
              Handshake Type: Client Hello (1)
 -            Length: 165
 -            Version: TLS 1.0 (0x0301)
 +            Length: 187
 +            Version: TLS 1.2 (0x0303)
              Random
 -                gmt_unix_time: Jul 12, 2089 08:23:06.000000000 PDT
 -                random_bytes:
 f0b149a04ac4a554c5bda57030b17342cc1c0ab59c925cc8...
 +                gmt_unix_time: Nov 29, 2031 00:35:52.000000000 PST
 +                random_bytes:
 4856792ce5d7e72f3255fef9792ed37d14124c402ed8dfb1...
              Session ID Length: 0
              Cipher Suites Length: 70
              Cipher Suites (35 suites)
 @@ -51,7 +51,7 @@
              Compression Methods Length: 1
              Compression Methods (1 method)
                  Compression Method: null (0)
 -            Extensions Length: 54
 +            Extensions Length: 76
              Extension: server_name
                  Type: server_name (0x0000)
                  Length: 19
 @@ -86,3 +86,7 @@
              Extension: next_protocol_negotiation
                  Type: next_protocol_negotiation (0x3374)
                  Length: 0
 +            Extension: signature_algorithms
 +                Type: signature_algorithms (0x000d)
 +                Length: 18
 +                Data (18 bytes)
 }}}

 After the patch, we're back to differing only in the client randomness:
 {{{
              Length: 165
              Version: TLS 1.0 (0x0301)
              Random
 -                gmt_unix_time: Jul 12, 2089 08:23:06.000000000 PDT
 -                random_bytes:
 f0b149a04ac4a554c5bda57030b17342cc1c0ab59c925cc8...
 +                gmt_unix_time: Sep 24, 1976 08:40:40.000000000 PDT
 +                random_bytes:
 52240b209956653bf5fd16b29aeb040d7a81d3358f86dd19...
              Session ID Length: 0
              Cipher Suites Length: 70
              Cipher Suites (35 suites)
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12766#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
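
The comparison shown in the ticket can be automated. The following is an added example, not part of the original message or of the meek code base: it parses a ClientHello record and reports which fingerprint-relevant fields differ from a reference, ignoring the client random. The sample records are constructed and carry only the extensions visible in the diff above; all function and constant names are assumptions.

```python
import os
import struct

def build_client_hello(version, exts):
    """Build a minimal ClientHello record (constructed sample input, not a capture)."""
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body = (struct.pack("!H", version) + os.urandom(32)   # version + client random
            + b"\x00"                                      # empty session ID
            + b"\x00\x02\x00\x2f"                          # one cipher suite
            + b"\x01\x00"                                  # null compression only
            + struct.pack("!H", len(ext_bytes)) + ext_bytes)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def fingerprint(record):
    """Extract the ClientHello fields that stay constant across connections."""
    ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or len(record) < 5 + rec_len or record[5] != 1:
        raise ValueError("not a complete ClientHello record")
    end = 5 + rec_len
    (hello_ver,) = struct.unpack_from("!H", record, 9)
    pos = 9 + 2 + 32                      # skip version and the per-connection random
    pos += 1 + record[pos]                # session ID
    (cs_len,) = struct.unpack_from("!H", record, pos)
    suites = struct.unpack_from("!%dH" % (cs_len // 2), record, pos + 2)
    pos += 2 + cs_len
    pos += 1 + record[pos]                # compression methods
    exts = []
    if pos < end:                         # the extensions block is optional
        pos += 2                          # extensions length
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, pos)
            exts.append(etype)
            pos += 4 + elen
    return {"record_version": rec_ver, "hello_version": hello_ver,
            "cipher_suites": suites, "extensions": tuple(exts)}

def diff_fingerprints(reference, candidate):
    """Return {field: (reference, candidate)} for every field that differs."""
    return {k: (reference[k], candidate[k]) for k in reference if reference[k] != candidate[k]}

# Constructed samples carrying only the extensions visible in the ticket's diff.
COMMON = [(0x0000, bytes(19)), (0x3374, b"")]
REFERENCE = build_client_hello(0x0301, COMMON)                       # ordinary Firefox 24
BEFORE = build_client_hello(0x0303, COMMON + [(0x000d, bytes(18))])  # unpatched helper
AFTER = build_client_hello(0x0301, COMMON)                           # patched helper

if __name__ == "__main__":
    print(diff_fingerprints(fingerprint(REFERENCE), fingerprint(BEFORE)))
    print(diff_fingerprints(fingerprint(REFERENCE), fingerprint(AFTER)))
```

The 22-byte growth between the two constructed records matches the Length change in the ticket (169 to 191): a 4-byte extension header plus the 18 bytes of signature_algorithms data.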