[tor-bugs] #30500 [Circumvention/Censorship analysis]: Can the GFW still do DPI for "new" vanilla Tor?

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 25 16:28:39 UTC 2019


#30500: Can the GFW still do DPI for "new" vanilla Tor?
-----------------------------------------------+--------------------------
 Reporter:  phw                                |          Owner:  (none)
     Type:  task                               |         Status:  assigned
 Priority:  Low                                |      Milestone:
Component:  Circumvention/Censorship analysis  |        Version:
 Severity:  Normal                             |     Resolution:
 Keywords:  gfw, china                         |  Actual Points:
Parent ID:                                     |         Points:
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+--------------------------

Comment (by phw):

 Replying to [comment:3 arma]:
 > Are you saying Tor bridges / relays can look for those 65 ciphers, and
 refuse to continue in that case? :)

 I don't think that would work well. I just caught two more probes and
 attached the resulting pcap file. It contains three TLS client hello
 packets: the first is a tcis decoy connection from a system in China (I
 rewrote the IP address to 1.1.1.1) to my Tor bridge (rewritten to
 2.2.2.2). The next two packets are active probes, with their original IP
 addresses. Interestingly, their cipher list differs: one has 65 suites
 while the other one has 68 suites.

 The site tlsfingerprints.io has seen the cipher list of
 [https://tlsfingerprint.io/id/f47f08ae690b4756 the first probe 138,000
 times] and [https://tlsfingerprint.io/id/4e542eaea37cdd51 the second probe
 <100 times]. FWIW, tlsfingerprints.io works as follows:
 > We collect anonymized TLS Client Hello messages from the University of
 Colorado Boulder campus network, in order to measure the popularity of
 various implementations actually used in practice.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30500#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list