[tor-bugs] #28168 [Obfuscation/meek]: Use ESNI via Firefox HTTPS helper

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 23 22:11:17 UTC 2018


#28168: Use ESNI via Firefox HTTPS helper
----------------------------------+------------------
     Reporter:  dcf               |      Owner:  dcf
         Type:  project           |     Status:  new
     Priority:  Medium            |  Milestone:
    Component:  Obfuscation/meek  |    Version:
     Severity:  Normal            |   Keywords:  easy
Actual Points:                    |  Parent ID:
       Points:                    |   Reviewer:
      Sponsor:                    |
----------------------------------+------------------
 As of 2018-10-18,
 [https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
 Firefox Nightly supports] encrypted SNI, and
 [https://blog.cloudflare.com/esni/ Cloudflare supports it] on the server
 side. Because meek supports using Firefox as a channel for issuing HTTPS
 requests, it ought to be pretty easy to adapt the meek client software to
 use ESNI rather than domain fronting. The server software doesn't need any
 change.

 These steps are untested:
 1. Download Tor Browser and Firefox Nightly.
 1. Set network.trr.mode=3 and network.security.esni.enabled=true in
 Firefox Nightly.
 1. Copy the !meek-http-helper@bamsoftware.com.xpi from Tor Browser to
 Firefox Nightly.
 1. Hack meek-client-torbrowser/{mac,linux,windows}.go to point
 `firefoxPath` at the copy of Firefox Nightly and disable the custom
 profile. (Additional hacks to remove hardcoded Tor Browser assumptions may
 be required.)
 1. Set up a Cloudflare instance pointing to
 !https://meek.bamsoftware.com/, call it !https://meek.example.com/.
 1. Set up a [[doc/meek#Howtochangethefrontdomain|custom bridge]] in Tor
 Browser, using `url=` without `front=` (because we're no longer domain
 fronting).\\{{{bridge meek 0.0.2.0:3 url=https://meek.example.com/}}}

 Of course, once ESNI support makes it into the version of Firefox used by
 Tor Browser, this will be even easier, not requiring a separate Firefox
 Nightly.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28168>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
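
The ticket's last step drops `front=` from the bridge line, which changes which hostname an on-path observer can read in the TLS ClientHello. The sketch below is an added example, not code from meek or from the ticket author: `AnalyzeBridgeLine` and `Exposure` are hypothetical names, the `front=` line in the test is constructed, and the `esni` flag is an assumption supplied by the caller (the helper browser has ESNI enabled and keys are published for the name).

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Exposure is what a passive on-path observer can read from the TLS ClientHello.
type Exposure struct {
	Mode       string // "domain-fronting" (front= set) or "direct" (url= only)
	SNIName    string // name the client places in the (E)SNI extension
	SNIVisible bool   // true when that name crosses the wire in cleartext
}

// AnalyzeBridgeLine parses a torrc-style meek bridge line. esni is an
// assumption supplied by the caller: the HTTPS helper browser negotiates
// encrypted SNI for SNIName (ESNI enabled and keys published in DNS).
func AnalyzeBridgeLine(line string, esni bool) (Exposure, error) {
	f := strings.Fields(line)
	if len(f) < 3 || !strings.EqualFold(f[0], "bridge") || f[1] != "meek" {
		return Exposure{}, errors.New("not a meek bridge line")
	}
	args := map[string]string{}
	for _, kv := range f[3:] {
		p := strings.SplitN(kv, "=", 2)
		if len(p) != 2 {
			return Exposure{}, fmt.Errorf("malformed argument %q", kv)
		}
		args[p[0]] = p[1]
	}
	u, err := url.Parse(args["url"])
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return Exposure{}, errors.New("url= must be an https URL")
	}
	e := Exposure{Mode: "direct", SNIName: u.Hostname(), SNIVisible: !esni}
	if front := args["front"]; front != "" {
		// Fronting: the front goes in SNI, the url= host only in the Host header.
		e.Mode, e.SNIName = "domain-fronting", front
	}
	return e, nil
}

func main() {
	// Bridge line from the ticket; ESNI off shows why it is a prerequisite.
	for _, esni := range []bool{false, true} {
		e, err := AnalyzeBridgeLine("bridge meek 0.0.2.0:3 url=https://meek.example.com/", esni)
		fmt.Printf("esni=%v %+v err=%v\n", esni, e, err)
	}
}
```

With `esni` false, the ticket's bridge line reports `meek.example.com` as visible in the ClientHello, which is the case the Firefox Nightly preferences are meant to rule out.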