[tor-talk] What is being detected to alert upon?
Tom van der Woerdt
info at tvdw.eu
Sat May 2 01:15:47 UTC 2015
The security added by Tor mimicking Firefox's TLS hello is questionable.
It's a leftover concept from the initial versions of Tor, before
pluggable transports became a thing.
Tor is pretty easy to fingerprint, and as all relays are published in the
consensus anyway, fingerprinting isn't a big deal.
Bridges might have some very small benefit from looking like an old
Firefox, but this is not proven. Also, pluggable transports completely
eliminate the need for fingerprint resistance in Tor.
Tom
Allen wrote on 01/05/15 at 07:41:
> I didn't see an answer to this question, but I did compare the TLS Hellos
> from Firefox and the Tor binary distributed by torproject.org and there are
> lots of differences (see the two files attached), so I'm not sure this is
> worth worrying about...
>
>
> -----Original Message-----
> From: Allen [mailto:allenpmd at gmail.com]
> Sent: Thursday, April 30, 2015 5:49 PM
> To: tor-talk at lists.torproject.org
> Subject: RE: [tor-talk] What is being detected to alert upon?
>
>> a connection to a Tor bridge looks kind of like regular TLS traffic.
>
> Question: I recompiled OpenSSL to remove a bunch of features that look
> unnecessary and might present a security risk, such as SSL2, SSL3 and DTLS.
> (In case it matters, it is OpenSSL v1.0.2a and the specific configure
> options are no-ssl2 no-ssl3 no-idea no-dtls no-psk no-srp no-dso no-npn
> no-hw no-engines -DOPENSSL_NO_HEARTBEATS -DOPENSSL_USE_IPV6=0).
>
> I'm using this rebuilt DLL with Tor. Does this compromise Tor's TLS
> handshake so that it no longer looks like Firefox? If so, what do I need to
> do to allow Tor to mimic Firefox's TLS handshake?
>
>
>
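The kind of ClientHello comparison discussed in this thread, as an added example that is not part of the original messages: it parses the cipher suites and extension types a client offers and lists what differs between two hellos. Both sample hellos are constructed, not captured from Tor, Firefox or any OpenSSL build; they assume, for illustration only, that disabling PSK, SRP, IDEA, NPN and heartbeats removes the IANA code points 0x008C, 0xC01D, 0x0007, 13172 and 15 from the hello.

```python
import struct

def build_client_hello(ciphers, extensions, version=0x0303):
    """Build a minimal ClientHello record; used only to make sample input."""
    cs = b"".join(struct.pack("!H", c) for c in ciphers)
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!H", len(cs))
            + cs + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Return (version, cipher_suites, extension_types), in offer order."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    buf, pos = record[9:9 + int.from_bytes(record[6:9], "big")], 0
    def take(n):
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError("truncated ClientHello")
        pos += n
        return buf[pos - n:pos]
    version = struct.unpack("!H", take(2))[0]
    take(32)                                     # client random
    take(take(1)[0])                             # session id
    cs = take(struct.unpack("!H", take(2))[0])
    ciphers = [int.from_bytes(cs[i:i + 2], "big") for i in range(0, len(cs) - 1, 2)]
    take(take(1)[0])                             # compression methods
    exts = []
    if pos < len(buf):                           # extensions block is optional
        end = int.from_bytes(take(2), "big") + pos   # take() runs before pos is read
        while pos < end:
            etype, elen = struct.unpack("!HH", take(4))
            take(elen)
            exts.append(etype)
    return version, ciphers, exts

def diff_hellos(a, b):
    """List what hello `a` offers that `b` does not, and vice versa."""
    (_, ca, ea), (_, cb, eb) = parse_client_hello(a), parse_client_hello(b)
    return {"ciphers_only_a": [c for c in ca if c not in cb],
            "ciphers_only_b": [c for c in cb if c not in ca],
            "extensions_only_a": [e for e in ea if e not in eb],
            "extensions_only_b": [e for e in eb if e not in ea]}

# Constructed samples, not captures from Tor, Firefox or any OpenSSL build.
STOCK = build_client_hello([0xC02F, 0x002F, 0x008C, 0xC01D, 0x0007],
                           [(11, b"\x01\x00"), (35, b""), (13172, b""), (15, b"\x01")])
TRIMMED = build_client_hello([0xC02F, 0x002F], [(11, b"\x01\x00"), (35, b"")])
```

`diff_hellos(STOCK, TRIMMED)` returns the suites and extensions present in only one of the two hellos, which is the set of features an observer comparing handshakes would see change.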