[tor-dev] Characterizing Tor flows using DPI

Piyush Kumar Sharma piyushs at iiitd.ac.in
Fri Oct 12 11:40:42 UTC 2018

Hello all,

I have some confusion regarding the characterization of Tor traffic using
I was following the link (
https://trac.torproject.org/projects/tor/wiki/org/projects/Tor/TLSHistory )
and understood that Tor did TLS renogotiation at some point and then
discontinued doing it.
As an improvement there are basically two handshakes that are done.
(i) "outer handshake" which is made to look as real as possible.
(ii) "inner handshake" which is actually used to authenticate and exchange
"real" certificates.

I am just not able to understand as to why we need two handshakes, also why
do we need "real" and "fake" certificates.
Or if i am missing something, can someone point me to the right resources
where i can get the current tor TLS implementation details.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20181012/320d69e0/attachment.html>

More information about the tor-dev mailing list