
[tor-talk] Tor and resumed TLS handshakes



Hello list,

I'm reading about TLS, and just read more about the "resumed TLS
handshake" shortcut.

Apparently the "session ID"/"resume" value in ServerHello/ClientHello
can be a privacy concern. [1] I think it might also conflict with the
goals of Tor, so I was curious if Torbutton was blocking it. This is
what I tried, to check Torbutton, on an Ubuntu LiveCD:

Install Tor, polipo, check it works, etc. Then stop Tor and instead
set up a local SOCKS proxy with SSH:

ubuntu@ubuntu:~$ sudo service tor stop
ubuntu@ubuntu:~$ ssh -D 9050 ubuntu@localhost

(Leaving polipo as-is.)

Install ssldump. Start Firefox with Torbutton toggled. Go to some
HTTPS-enabled site, like Twitter, but first start ssldump. ssldump
prints the "session ID" field first sent by the server:

ubuntu@ubuntu:~$ sudo ssldump -d -i eth0 | grep -A4 ServerHello
      ServerHello
        Version 3.1
        session_id[32]=
          69 46 56 83 f5 06 88 20 85 56 96 1a 6f 91 31 74
          51 85 11 85 10 e5 6f 5b 43 07 0c 27 83 8c f8 a4
...

Use Twitter some more... ssldump shows the browser parroting the same
number back:

ubuntu@ubuntu:~$ sudo ssldump -d -i eth0 | grep -A4 ClientHello
      ClientHello
        Version 3.1
        resume [32]=
          69 46 56 83 f5 06 88 20 85 56 96 1a 6f 91 31 74
          51 85 11 85 10 e5 6f 5b 43 07 0c 27 83 8c f8 a4
...

Seems like a nice way for Google Analytics or others to track users
across exit nodes... Is this likely? Did I miss something?

[1] https://trac.webkit.org/wiki/Fingerprinting#SessionIDs

-- 
Mansour
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
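
Added example, not part of the original post: the manual comparison above (a session_id issued in ServerHello, then offered back as "resume" in a later ClientHello) automated over saved ssldump -d text, as a check of whether a browser configuration still resumes sessions. The function names and the sample bytes are constructed for illustration; the field layout is assumed to be the one shown in the output above.

```python
import re

FIELD = re.compile(r"^(session_id|resume)\s*\[(\d+)\]=$")
HEXROW = re.compile(r"^[0-9a-f]{2}( [0-9a-f]{2})*$")

def parse_ids(text):
    """Return (message, field, hex_id) for every ID field in ssldump -d text."""
    records, msg, cur = [], None, None
    for line in text.splitlines():
        s = line.strip()
        m = FIELD.match(s)
        if s in ("ClientHello", "ServerHello"):
            msg, cur = s, None
        elif m and msg:
            cur = (msg, m.group(1), int(m.group(2)), [])
        elif cur and HEXROW.match(s):
            cur[3].extend(s.split())
            if len(cur[3]) >= cur[2]:          # all announced bytes collected
                records.append((cur[0], cur[1], "".join(cur[3][:cur[2]])))
                cur = None
        else:
            cur = None                         # truncated field or unrelated line
    return records

def resumption_report(text):
    """Split client 'resume' IDs into those issued in this capture and others."""
    issued, linked, unseen = set(), [], []
    for msg, field, hex_id in parse_ids(text):
        if msg == "ServerHello" and field == "session_id":
            issued.add(hex_id)
        elif msg == "ClientHello" and field == "resume":
            (linked if hex_id in issued else unseen).append(hex_id)
    return linked, unseen

def sample_hello(name, field, first):
    """Build one constructed message in the layout shown above (made-up bytes)."""
    rows = [" ".join([first] + [f"{i:02x}" for i in range(1, 16)]),
            " ".join(f"{i:02x}" for i in range(16, 32))]
    return (f"      {name}\n        Version 3.1\n        {field}[32]=\n"
            f"          {rows[0]}\n          {rows[1]}\n")

SAMPLE = (sample_hello("ServerHello", "session_id", "aa")
          + sample_hello("ClientHello", "resume ", "aa")
          + sample_hello("ClientHello", "resume ", "bb"))

if __name__ == "__main__":
    linked, unseen = resumption_report(SAMPLE)
    print("resumed sessions issued in this capture:", linked)
    print("resume IDs with no matching ServerHello:", unseen)
```

An empty first list after the browser has revisited the site means no session issued during the capture was offered back; entries in the second list are sessions cached from before the capture started.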