Re: [tor-bugs] #12766 [meek]: Disable TLSv1.1 and TLSv1.2 in the Firefox helper
#12766: Disable TLSv1.1 and TLSv1.2 in the Firefox helper
------------------------+----------------------------------
Reporter: dcf | Owner: dcf
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: meek | Version:
Resolution: | Keywords: TorBrowserTeam201408
Actual Points: | Parent ID:
Points: |
------------------------+----------------------------------
Changes (by dcf):
* keywords: => TorBrowserTeam201408
* status: new => needs_review
Comment:
attachment:0001-Set-security.tls.version.max-1-in-meek-http-helper.patch
disables TLSv1.1 and TLSv1.2 in the helper, by setting
[http://kb.mozillazine.org/Security.tls.version.*
security.tls.version.max=1].
Before the patch (i.e., the status quo with 4.0-alpha-1), the TLS
fingerprint stands out from ordinary Firefox 24 in the TLS version and in
an extra extension:
{{{
SSL Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
- Length: 169
+ Length: 191
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
- Length: 165
- Version: TLS 1.0 (0x0301)
+ Length: 187
+ Version: TLS 1.2 (0x0303)
Random
- gmt_unix_time: Jul 12, 2089 08:23:06.000000000 PDT
- random_bytes:
f0b149a04ac4a554c5bda57030b17342cc1c0ab59c925cc8...
+ gmt_unix_time: Nov 29, 2031 00:35:52.000000000 PST
+ random_bytes:
4856792ce5d7e72f3255fef9792ed37d14124c402ed8dfb1...
Session ID Length: 0
Cipher Suites Length: 70
Cipher Suites (35 suites)
@@ -51,7 +51,7 @@
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
- Extensions Length: 54
+ Extensions Length: 76
Extension: server_name
Type: server_name (0x0000)
Length: 19
@@ -86,3 +86,7 @@
Extension: next_protocol_negotiation
Type: next_protocol_negotiation (0x3374)
Length: 0
+ Extension: signature_algorithms
+ Type: signature_algorithms (0x000d)
+ Length: 18
+ Data (18 bytes)
}}}
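Review bot: the diff has no file headers, so the reader has to infer from the sentence above it that the `-` lines are ordinary Firefox 24 and the `+` lines are the helper; labelling the two captures would remove the guesswork. The 22-byte growth in the record Length (169 to 191), the handshake Length (165 to 187) and the Extensions Length (54 to 76) is exactly the added signature_algorithms extension (4-byte type and length header plus 18 bytes of data), so the Version field and that one extension are the only non-random differences shown.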
After the patch, we're back to differing only in the client randomness:
{{{
Length: 165
Version: TLS 1.0 (0x0301)
Random
- gmt_unix_time: Jul 12, 2089 08:23:06.000000000 PDT
- random_bytes:
f0b149a04ac4a554c5bda57030b17342cc1c0ab59c925cc8...
+ gmt_unix_time: Sep 24, 1976 08:40:40.000000000 PDT
+ random_bytes:
52240b209956653bf5fd16b29aeb040d7a81d3358f86dd19...
Session ID Length: 0
Cipher Suites Length: 70
Cipher Suites (35 suites)
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12766#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
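
An added example, not part of the original ticket comment or the meek code: a ClientHello parser that extracts the fields compared in the dissections above (record version, hello version, cipher suites, extension types) while skipping the Random, then reports which fields differ between two records. The function names, cipher suite values and extension payloads are assumptions made for illustration; the sample records are constructed, not the real captures.

```python
import os
import struct

def build_client_hello(version, extensions, suites=(0xC00A, 0xC014, 0x002F)):
    """Build a minimal ClientHello record (constructed sample, fresh Random each call)."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    hello = (struct.pack("!H", version) + os.urandom(32) + b"\x00"
             + struct.pack(f"!H{len(suites)}H", 2 * len(suites), *suites)
             + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

def fingerprint(record):
    """Return the ClientHello fields an observer can compare, skipping Random."""
    ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record)
    hs = record[5:5 + rec_len]
    if ctype != 22 or len(hs) != rec_len or hs[:1] != b"\x01":
        raise ValueError("not a complete ClientHello record")
    hello = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    (version,) = struct.unpack_from("!H", hello)
    pos = 2 + 32                          # client_version + Random
    pos += 1 + hello[pos]                 # session_id
    (n,) = struct.unpack_from("!H", hello, pos)
    suites = struct.unpack_from(f"!{n // 2}H", hello, pos + 2)
    pos += 2 + n
    pos += 1 + hello[pos]                 # compression_methods
    exts = []
    if pos < len(hello):                  # the extensions block is optional
        (total,) = struct.unpack_from("!H", hello, pos)
        pos, end = pos + 2, pos + 2 + total
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", hello, pos)
            exts.append(etype)
            pos += 4 + elen
    return {"record_version": rec_ver, "hello_version": version,
            "cipher_suites": suites, "extensions": tuple(exts)}

def differing_fields(a, b):
    """Names of the fingerprint fields on which two ClientHello records differ."""
    fa, fb = fingerprint(a), fingerprint(b)
    return sorted(k for k in fa if fa[k] != fb[k])

# Constructed samples modelled on the dissections above (payload bytes are placeholders).
COMMON = [(0x0000, b"\x00" * 19), (0x3374, b"")]   # server_name, next_protocol_negotiation
REFERENCE = build_client_hello(0x0301, COMMON)     # stands in for ordinary Firefox 24
UNPATCHED = build_client_hello(0x0303, COMMON + [(0x000D, b"\x00" * 18)])
PATCHED = build_client_hello(0x0301, COMMON)       # helper with security.tls.version.max=1
```

`differing_fields(REFERENCE, UNPATCHED)` names the hello version and the extension list, while `differing_fields(REFERENCE, PATCHED)` is empty even though the two records carry different Random bytes.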