[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #4744 [Tor Bridge]: GFW probes based on Tor's SSL cipher list



#4744: GFW probes based on Tor's SSL cipher list
--------------------------------+-------------------------------------------
 Reporter:  asn                 |          Owner:  nickm             
     Type:  defect              |         Status:  needs_review      
 Priority:  major               |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Bridge          |        Version:                    
 Keywords:  tls fingerprinting  |         Parent:  #4185             
   Points:                      |   Actualpoints:                    
--------------------------------+-------------------------------------------

Comment(by tom):

 {{{
 < tjr:#tor-dev> nickm: I reviewed 4744 and proposal 198 like you
 suggested.  I didn't find anything terribly wrong with
                 them.... but
 < tjr:#tor-dev> nickm: I haven't held all of this commit and its
 supporting code
 https://gitweb.torproject.org/nickm/tor.git/commitdiff/d7e455018f6f2ea402c17412fbf4f1185857939f
 in my head, so
                 I'm kind of just presuming it works: i and j don't get out
 of sync in the loop; the ">> 24) & 0xff) != 3" stuff
                 is referencing some code I don't know about,...
 < tjr:#tor-dev> nickm: I do wonder what would happen if OpenSSL added
 ciphers to 1.0.0... Would line 112:
 https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/198
 -restore-clienthello-semantics.txt#l112 get
                 the spec out of sync with the code, would that mess up the
 loop and keeping i/j in sync...?
 < tjr:#tor-dev> nickm: Also, complete nitpicking, but since you log
 "Skipping v2 ciphers" at notice, maybe you'd also want to
                 log the unsupported ciphers at notice too? /shrug
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4744#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs