[tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Feb 8 18:14:06 UTC 2019
#29430: Use uTLS for meek TLS camouflage in Tor Browser
--------------------------------------+--------------------------
Reporter: dcf | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: meek utls | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Changes (by yawning):
* cc: yawning (added)
Comment:
Replying to [comment:4 mcs]:
> Kathy and I agree: if we are planning to switch to obfs4proxy's meek
client implementation (which seems like a good option to us), we should
change Tor Launcher to use SOCKS args with the meek PT that it spins up
for Moat.
>
> Georg, is it worthwhile for us to do that work in Tor Launcher soon, or
should we first resolve the "meek-client or obfs4proxy?" question?
For what it's worth, I also think that changing Tor Launcher to do so is
orthogonal from which meek implementation is being used, since the new
code will work with both implementations (unless meek-client is doing
something extremely surprising under the hood).
I aim to keep the bridge lines between meek-client and meek_lite as
compatible as possible.
Currently the differences between the two implementations are as follows:
* (config) meek_lite's `utls` option understands `HelloChrome_71`.
* (config) meek_lite will use `HelloFirefox_Auto` if no `utls` option is
specified.
* (config) meek_lite has a (misnamed according to some) option
`disableHPKP`.
So, all meek-client bridge lines will work with meek_lite (though the TLS
fingerprint may differ).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29430#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list