[tor-bugs] #6045 [Tor Bridge]: Ethiopia blocks Tor based on ServerHello

["Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>]

#6045: Ethiopia blocks Tor based on ServerHello
------------------------+---------------------------------------------------
 Reporter:  asn         |          Owner:     
     Type:  task        |         Status:  new
 Priority:  normal      |      Milestone:     
Component:  Tor Bridge  |        Version:     
 Keywords:  dpi         |         Parent:     
   Points:              |   Actualpoints:     
------------------------+---------------------------------------------------
 Ethiopia is blocking Tor by DPIing the ServerHello TLS record. We
 found out that changing the ciphersuite selected (from the default
 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA (0x0039)) bypasses the censorship.

 This is a ticket to see how we can handle this issue. We should also
 be think about how #4744 and proposal 198 influence this.

 The patch we used during tests removes 0x0039 from `SERVER_CIPHER_LIST`:
 https://gitorious.org/mytor/mytor/commit/087de5215cada3320c8494fdc97b87746b45e1cb

 A good short-term plan would be to set-up a few patched bridges,
 update the blog post, and distribute the patched bridges to anyone who
 asks for them.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6045>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs