[tor-talk] allow ssl-encapsulated connections to all tor relays. Stop L7

Ural uralzima at autistici.org
Fri Mar 17 11:45:00 UTC 2017

I have been using Tor for more than 5 years. I have tried very different
setups and have some public relays. Thanks for doing a great job!

But this project has some issues:
1. Tor traffic can be detected and rejected, or monitored.
2. obfuscated traffic can also be rejected, and monitored at higher
3. Easily detected by L7, even on a home 200MHz Wi-Fi router.

I am also testing versions 0.3, and when it was released as rc, it stopped
crashing. While you are preparing a big major version update, I propose
including this very cool and easy-to-implement feature:

== Allow all Tor connections to be encapsulated in a simple SSL
connection, like stunnel does. It is very fast now and will not create
any performance, latency or CPU load issues. I use stunnel very
often and encapsulate all my connections in it, and it appears as
average HTTPS traffic. Extremely fast and stable.

The ideal way is to force all relays and users to use encapsulated
traffic, and allow fallback for old versions. Tor traffic will appear as
usual 443 SSL traffic (let's exclude correlation etc.) and will help
censored users to not be hard-filtered. Let's stop Layer 7 Tor detection!
Harden DPI.

Please think about this and +1 if someone agrees. We will resolve
multiple problems just by introducing a new feature (2h of work), that
(may?) be disabled.
