[tor-relays] Help the Tor Project by running a fast unpublished bridge

Roger Dingledine arma at mit.edu
Tue Aug 14 20:32:41 UTC 2012


On Tue, Aug 14, 2012 at 05:13:56PM +0200, tor-admin wrote:
> My understanding of bridge detection was that China's GFW is able to detect
> the Tor SSL handshake and does active bridge probing after a successful
> connection to a (for the GFW) unknown bridge IP. So they should be able to
> block any bridge, published or unpublished, very quickly if someone from behind
> the GFW connects to a bridge. Am I missing something?

We haven't made a big fuss about it, but Tor 0.2.3.17-beta uses a new
ciphersuite in the ssl client hello, and I believe China's current DPI
doesn't notice it.

https://lists.torproject.org/pipermail/tor-talk/2012-June/024511.html

The extra-fun part is that if a Tor 0.2.2 client connects to the bridge,
it triggers the probing you describe (and thus the blocking). But if
only Tor 0.2.3.17+ clients connect, no probing (and thus no blocking).

Obfsproxy's obfs2 protocol is way better at not getting blocked currently;
but I'm holding out for an obfs3 release, with a new protocol that's
harder to DPI for, before we push for a big rollout there.

--Roger


