[tor-bugs] #13442 [meek]: Check TLS fingerprint in Tor Browser 4.0

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Oct 26 18:55:30 UTC 2014


#13442: Check TLS fingerprint in Tor Browser 4.0
-----------------------+------------------
     Reporter:  dcf    |      Owner:  dcf
         Type:  task   |     Status:  new
     Priority:  major  |  Milestone:
    Component:  meek   |    Version:
   Resolution:         |   Keywords:  easy
Actual Points:         |  Parent ID:
       Points:         |
-----------------------+------------------

Comment (by dcf):

 It turns out that Tor Browser 4.0 with meek 0.11 is missing the
 "SessionTicket TLS" extension, just like back in comment:9:ticket:11183.
 It's because of #10822, where the name of a pref effectively changed from
 security.enable_tls_session_tickets to
 security.ssl.disable_session_identifiers. meek-http-helper's
 [https://gitweb.torproject.org/builders/tor-browser-
 bundle.git/blob/refs/tags/tbb-4.0-build1:/Bundle-Data/PTConfigs/meek-http-
 helper-user.js#l7 user.js file] is still using the old name.

 {{{
 --- firefox.txt 2014-10-26 11:26:40.834292634 -0700
 +++ meek.txt    2014-10-26 11:27:11.764528579 -0700
 @@ -1,111 +1,107 @@
  Secure Sockets Layer
      TLSv1.2 Record Layer: Handshake Protocol: Client Hello
          Content Type: Handshake (22)
          Version: TLS 1.0 (0x0301)
 -        Length: 176
 +        Length: 172
          Handshake Protocol: Client Hello
              Handshake Type: Client Hello (1)
 -            Length: 172
 +            Length: 168
              Version: TLS 1.2 (0x0303)
              Random
 -                GMT Unix Time: Mar  6, 2014 22:59:28.000000000 PST
 -                Random Bytes:
 0d118b8cc9643095c9c7089e5445d186c10720fcd81de073...
 +                GMT Unix Time: Apr  9, 2009 16:43:59.000000000 PDT
 +                Random Bytes:
 3bc6a8d4c151f111312cc2a3026c95bf6bb9e823c632ea7a...
              Session ID Length: 0
              Cipher Suites Length: 46
              Cipher Suites (23 suites)
                  Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 (0xc02b)
                  Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 (0xc02f)
                  Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 (0xc00a)
                  Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 (0xc009)
                  Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                  Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                  Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 (0xc012)
                  Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
                  Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
                  Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                  Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                  Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 (0x0045)
                  Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                  Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                  Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 (0x0088)
                  Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                  Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                  Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
                  Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                  Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
                  Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                  Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
                  Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
              Compression Methods Length: 1
              Compression Methods (1 method)
                  Compression Method: null (0)
 -            Extensions Length: 85
 +            Extensions Length: 81
              Extension: server_name
                  Type: server_name (0x0000)
                  Length: 19
                  Server Name Indication extension
                      Server Name list length: 17
                      Server Name Type: host_name (0)
                      Server Name length: 14
                      Server Name: www.google.com
              Extension: renegotiation_info
                  Type: renegotiation_info (0xff01)
                  Length: 1
                  Renegotiation Info extension
                      Renegotiation info extension length: 0
              Extension: elliptic_curves
                  Type: elliptic_curves (0x000a)
                  Length: 8
                  Elliptic Curves Length: 6
                  Elliptic curves (3 curves)
                      Elliptic curve: secp256r1 (0x0017)
                      Elliptic curve: secp384r1 (0x0018)
                      Elliptic curve: secp521r1 (0x0019)
              Extension: ec_point_formats
                  Type: ec_point_formats (0x000b)
                  Length: 2
                  EC point formats Length: 1
                  Elliptic curves point formats (1)
                      EC point format: uncompressed (0)
 -            Extension: SessionTicket TLS
 -                Type: SessionTicket TLS (0x0023)
 -                Length: 0
 -                Data (0 bytes)
              Extension: next_protocol_negotiation
                  Type: next_protocol_negotiation (0x3374)
                  Length: 0
              Extension: status_request
                  Type: status_request (0x0005)
                  Length: 5
                  Certificate Status Type: OCSP (1)
                  Responder ID list Length: 0
                  Request Extensions Length: 0
              Extension: signature_algorithms
                  Type: signature_algorithms (0x000d)
                  Length: 18
                  Signature Hash Algorithms Length: 16
                  Signature Hash Algorithms (8 algorithms)
                      Signature Hash Algorithm: 0x0401
                          Signature Hash Algorithm Hash: SHA256 (4)
                          Signature Hash Algorithm Signature: RSA (1)
                      Signature Hash Algorithm: 0x0501
                          Signature Hash Algorithm Hash: SHA384 (5)
                          Signature Hash Algorithm Signature: RSA (1)
                      Signature Hash Algorithm: 0x0201
                          Signature Hash Algorithm Hash: SHA1 (2)
                          Signature Hash Algorithm Signature: RSA (1)
                      Signature Hash Algorithm: 0x0403
                          Signature Hash Algorithm Hash: SHA256 (4)
                          Signature Hash Algorithm Signature: ECDSA (3)
                      Signature Hash Algorithm: 0x0503
                          Signature Hash Algorithm Hash: SHA384 (5)
                          Signature Hash Algorithm Signature: ECDSA (3)
                      Signature Hash Algorithm: 0x0203
                          Signature Hash Algorithm Hash: SHA1 (2)
                          Signature Hash Algorithm Signature: ECDSA (3)
                      Signature Hash Algorithm: 0x0402
                          Signature Hash Algorithm Hash: SHA256 (4)
                          Signature Hash Algorithm Signature: DSA (2)
                      Signature Hash Algorithm: 0x0202
                          Signature Hash Algorithm Hash: SHA1 (2)
                          Signature Hash Algorithm Signature: DSA (2)
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13442#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list