[tor-bugs] #30500 [Circumvention/Censorship analysis]: Can the GFW still do DPI for "new" vanilla Tor?

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 14 00:01:29 UTC 2019


#30500: Can the GFW still do DPI for "new" vanilla Tor?
-----------------------------------------------+--------------------------
 Reporter:  phw                                |          Owner:  (none)
     Type:  task                               |         Status:  assigned
 Priority:  Low                                |      Milestone:
Component:  Circumvention/Censorship analysis  |        Version:
 Severity:  Normal                             |     Resolution:
 Keywords:  gfw, china                         |  Actual Points:
Parent ID:                                     |         Points:
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+--------------------------

Comment (by phw):

 Indeed, it looks like newer versions of Tor use a cipher list that is
 different from the one from several years ago.

 tcis used 29 cipher suites in its TLS client hello:
 {{{
 "\xc0\x0a\xc0\x14\x00\x39\x00\x38\xc0\x0f\xc0\x05\x00\x35\xc0\x07" \
 "\xc0\x09\xc0\x11\xc0\x13\x00\x33\x00\x32\xc0\x0c\xc0\x0e\xc0\x02" \
 "\xc0\x04\x00\x04\x00\x05\x00\x2f\xc0\x08\xc0\x12\x00\x16\x00\x13" \
 "\xc0\x0d\xc0\x03\xfe\xff\x00\x0a\x00\xff"
 }}}

 Tor 0.3.2.10 used 15 cipher suites:
 {{{
 "\xc0\x2b\xc0\x2f\xcc\xa9\xcc\xa8\xc0\x2c\xc0\x30\xc0\x0a\xc0\x09" \
 "\xc0\x13\xc0\x14\x00\x33\x00\x39\x00\x2f\x00\x35\x00\xff"
 }}}

 The active prober that showed up right after the tcis "connection" used a
 whopping 65 suites:
 {{{
 "\xc0\x30\xc0\x2c\xc0\x28\xc0\x24\xc0\x14\xc0\x0a\x00\xa3\x00\x9f" \
 "\x00\x6b\x00\x6a\x00\x39\x00\x38\x00\x88\x00\x87\xc0\x32\xc0\x2e" \
 "\xc0\x2a\xc0\x26\xc0\x0f\xc0\x05\x00\x9d\x00\x3d\x00\x35\x00\x84" \
 "\xc0\x12\xc0\x08\x00\x16\x00\x13\xc0\x0d\xc0\x03\x00\x0a\xc0\x2f" \
 "\xc0\x2b\xc0\x27\xc0\x23\xc0\x13\xc0\x09\x00\xa2\x00\x9e\x00\x67" \
 "\x00\x40\x00\x33\x00\x32\x00\x9a\x00\x99\x00\x45\x00\x44\xc0\x31" \
 "\xc0\x2d\xc0\x29\xc0\x25\xc0\x0e\xc0\x04\x00\x9c\x00\x3c\x00\x2f" \
 "\x00\x96\x00\x41\xc0\x11\xc0\x07\xc0\x0c\xc0\x02\x00\x05\x00\x04" \
 "\x00\xff"
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30500#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
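
Added example, not part of the original ticket comment or of Tor's code: it splits the three cipher-suite byte strings quoted in the comment into 16-bit suite IDs and compares the offers. The function names `suites` and `compare` are made up for this illustration.

```python
import struct

# Cipher-suite bytes copied verbatim from the ticket comment above.
TCIS = (
    b"\xc0\x0a\xc0\x14\x00\x39\x00\x38\xc0\x0f\xc0\x05\x00\x35\xc0\x07"
    b"\xc0\x09\xc0\x11\xc0\x13\x00\x33\x00\x32\xc0\x0c\xc0\x0e\xc0\x02"
    b"\xc0\x04\x00\x04\x00\x05\x00\x2f\xc0\x08\xc0\x12\x00\x16\x00\x13"
    b"\xc0\x0d\xc0\x03\xfe\xff\x00\x0a\x00\xff"
)
TOR_0_3_2_10 = (
    b"\xc0\x2b\xc0\x2f\xcc\xa9\xcc\xa8\xc0\x2c\xc0\x30\xc0\x0a\xc0\x09"
    b"\xc0\x13\xc0\x14\x00\x33\x00\x39\x00\x2f\x00\x35\x00\xff"
)
PROBER = (
    b"\xc0\x30\xc0\x2c\xc0\x28\xc0\x24\xc0\x14\xc0\x0a\x00\xa3\x00\x9f"
    b"\x00\x6b\x00\x6a\x00\x39\x00\x38\x00\x88\x00\x87\xc0\x32\xc0\x2e"
    b"\xc0\x2a\xc0\x26\xc0\x0f\xc0\x05\x00\x9d\x00\x3d\x00\x35\x00\x84"
    b"\xc0\x12\xc0\x08\x00\x16\x00\x13\xc0\x0d\xc0\x03\x00\x0a\xc0\x2f"
    b"\xc0\x2b\xc0\x27\xc0\x23\xc0\x13\xc0\x09\x00\xa2\x00\x9e\x00\x67"
    b"\x00\x40\x00\x33\x00\x32\x00\x9a\x00\x99\x00\x45\x00\x44\xc0\x31"
    b"\xc0\x2d\xc0\x29\xc0\x25\xc0\x0e\xc0\x04\x00\x9c\x00\x3c\x00\x2f"
    b"\x00\x96\x00\x41\xc0\x11\xc0\x07\xc0\x0c\xc0\x02\x00\x05\x00\x04"
    b"\x00\xff"
)

def suites(blob):
    """Split a cipher_suites vector (no length prefix) into 16-bit IDs, in offer order."""
    if len(blob) % 2:
        raise ValueError("cipher_suites must be an even number of bytes")
    return [v for (v,) in struct.iter_unpack("!H", blob)]

def compare(a, b):
    """Shared IDs, IDs unique to each side (in offer order), and Jaccard similarity."""
    sa, sb = set(a), set(b)
    return {
        "shared": [s for s in a if s in sb],
        "only_a": [s for s in a if s not in sb],
        "only_b": [s for s in b if s not in sa],
        "jaccard": len(sa & sb) / len(sa | sb),
    }

if __name__ == "__main__":
    offers = {"tcis": suites(TCIS), "tor-0.3.2.10": suites(TOR_0_3_2_10),
              "prober": suites(PROBER)}
    for x, y in (("tcis", "tor-0.3.2.10"), ("tcis", "prober"), ("tor-0.3.2.10", "prober")):
        r = compare(offers[x], offers[y])
        print(f"{x} ({len(offers[x])}) vs {y} ({len(offers[y])}): "
              f"{len(r['shared'])} shared, Jaccard {r['jaccard']:.2f}")
        print(f"  only in {x}:", " ".join(f"{s:04x}" for s in r["only_a"]))
```

On these lists, Tor 0.3.2.10 offers six suites that tcis did not (c02b, c02f, cca9, cca8, c02c, c030), and the prober's offer contains every tcis suite except feff.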

