Re: [tor-bugs] #29077 [Obfuscation/meek]: uTLS for meek-client camouflage

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#29077: uTLS for meek-client camouflage
------------------------------+---------------------
 Reporter:  dcf               |          Owner:  dcf
     Type:  enhancement       |         Status:  new
 Priority:  Medium            |      Milestone:
Component:  Obfuscation/meek  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:  moat utls         |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+---------------------

Comment (by yawning):

 Replying to [comment:1 dcf]:
 > (b) causes the server to select a feature that the client advertised in
 its fake fingerprint but doesn't actually support. When this happens, you
 get an error in the meek-client log like
 >     {{{
 > error in handling request: tls: server selected unsupported group
 >     }}}

 Probably old news, but since this happens with the `Firefox_Auto` preset
 on the Azure bridge, I looked into it a bit, and it is primarily caused by
 `utls`'s support for curves other than X25519 being non-existent in
 certain cases.

 This is code inherited from `crypto/tls`, and the issue arises from the
 assumption that the server will always negotiate X25519
 (ajax.aspnetcdn.com will pick `secp256r1`) if it is present in the
 ClientHello's Supported Curves extension.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29077#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs