[tor-dev] RFC: Using `utls` in meek_lite.

Yawning Angel yawning at schwanenlied.me
Mon Jan 21 05:12:41 UTC 2019


I just pushed a change to obfs4proxy master to use `utls` to mask the
ClientHello signature (currently Chrome 70.x).


I understand that this is being worked on for the original meek (see:
https://bugs.torproject.org/29077), but I felt inspired and it was
relatively easy to get something working.

 * This is only lightly tested, and may be doing something wrong or
   distinct.  It seems to work well enough to watch videos over it.
 * Azure uses HTTP 2.  Not really a problem.
 * `utls.HelloFirefox_Auto` will fail to handshake with Azure due to an
   incompatible group being negotiated.
 * `utls.HelloChrome_Auto` ironically fails to handshake with
   `google.com` in a standalone test case for me.
 * `utls.HelloIOS_Auto` seems to work in all cases, so I may switch to
   that before I tag.

Questions, comments, feedback appreciated,

Yawning Angel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20190121/e6847acf/attachment.sig>

More information about the tor-dev mailing list