[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #4744 [Tor Bridge]: GFW probes based on Tor's SSL cipher list
#4744: GFW probes based on Tor's SSL cipher list
--------------------------------+-------------------------------------------
Reporter: asn | Owner: nickm
Type: defect | Status: accepted
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor Bridge | Version:
Keywords: tls fingerprinting | Parent: #4185
Points: | Actualpoints:
--------------------------------+-------------------------------------------
Comment(by .phw):
Replying to [comment:10 nickm]:
> Do we have a cipher list from recent IE?
http://blogs.technet.com/b/steriley/archive/2007/11/06/changing-the-ssl-
cipher-order-in-internet-explorer-7-on-windows-vista.aspx purports to have
one, but it doesn't look authoritative.
>
> If that list is accurate, then unfortunately,it doesn't include the one
we actually want, TLS_DHE_RSA_WITH_AES_128_SHA. (It doesn't have any
DHE+RSA ciphers, as near as I can tell.) It'd be nice to support
something properly fast, like TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256, but
that'd require server upgrading.
I just looked at the cipher list used by IE 9. Maybe somebody can
reproduce the results.
http://pastebin.com/Hr1YFppk
Unfortunately, it also lacks DHE+RSA ciphers.
This, on the other hand, is the cipher list used by the current Google
chrome (on Windows 7):
http://pastebin.com/7i2MD5Bm
It contains TLS_DHE_RSA_WITH_AES_128_CBC_SHA.
According to statcounter, Chrome is still far behind in China but at least
it seems to be catching up: http://gs.statcounter.com/#browser-CN-
monthly-201101-201201
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4744#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs