Re: [tor-bugs] #4744 [Tor Bridge]: GFW probes based on Tor's SSL cipher list
#4744: GFW probes based on Tor's SSL cipher list
--------------------------------+-------------------------------------------
 Reporter:  asn                 |          Owner:  nickm
     Type:  defect              |         Status:  needs_review
 Priority:  major               |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Bridge          |        Version:
 Keywords:  tls fingerprinting  |         Parent:  #4185
   Points:                      |   Actualpoints:
--------------------------------+-------------------------------------------
Comment(by tom):
{{{
< tjr:#tor-dev> nickm: I reviewed 4744 and proposal 198 like you suggested. I
                didn't find anything terribly wrong with them.... but
< tjr:#tor-dev> nickm: I haven't held all of this commit and its supporting code
                https://gitweb.torproject.org/nickm/tor.git/commitdiff/d7e455018f6f2ea402c17412fbf4f1185857939f
                in my head, so I'm kind of just presuming it works: i and j don't
                get out of sync in the loop; the ">> 24) & 0xff) != 3" stuff is
                referencing some code I don't know about,...
< tjr:#tor-dev> nickm: I do wonder what would happen if OpenSSL added ciphers to
                1.0.0... Would line 112:
                https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/198-restore-clienthello-semantics.txt#l112
                get the spec out of sync with the code, would that mess up the
                loop and keeping i/j in sync...?
< tjr:#tor-dev> nickm: Also, complete nitpicking, but since you log "Skipping v2
                ciphers" at notice, maybe you'd also want to log the unsupported
                ciphers at notice too? /shrug
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4744#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online