#29077: uTLS for meek-client camouflage
------------------------------+---------------------
 Reporter:  dcf               |          Owner:  dcf
     Type:  enhancement       |         Status:  new
 Priority:  Medium            |      Milestone:
Component:  Obfuscation/meek  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:  moat utls         |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+---------------------

Comment (by dcf):

 Yeah I did some tests today with `HelloRandomizedNoALPN`, 400 trials against each of 3 servers.

 ||||=**ajax.aspnetcdn.com** =||
 || 284||no error ||
 || 80||remote error: tls: handshake failure ||
 || 36||tls: server selected unsupported group ||
 ||||=**golang.org** =||
 || 335||no error ||
 || 65||remote error: tls: handshake failure ||
 ||||=**www.cloudflare.com** =||
 || 400||no error ||

 `HelloRandomizedNoALPN` [https://github.com/refraction-networking/utls/blob/a89e7e6da482a5a0db02578fc606ace9ccfbea62/u_parrots.go#L557-L564 unconditionally includes] sec256r1 and sec384r1, but it doesn't seem to cause a problem unless it also happens to choose TLSv1.3 (which `Firefox_60` always does). 100% of the failures used a fingerprint with TLSv1.3, while only 28% of the successes did. I haven't dug deeper to see what the difference between the success and failure TLSv1.3 handshakes is.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29077#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
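
Added example, not part of the ticket or of uTLS: one way to compare the succeeding and failing fingerprints is to pull out of each ClientHello whether it offers TLSv1.3, which groups it lists, and which groups it sends key shares for. Comparing key_share is an assumption about what is worth checking; the `Reader` and `summarize` names and the sample bytes are constructed for illustration.

```python
GROUPS, VERSIONS, KEY_SHARE = 10, 43, 51         # TLS extension type numbers
PREFIX = {GROUPS: 2, VERSIONS: 1, KEY_SHARE: 2}  # width of each list's length field


class Reader:
    """Consumes big-endian TLS fields; raises ValueError on truncated input."""
    def __init__(self, data):
        self.data = bytes(data)

    def take(self, n):
        chunk, self.data = self.data[:n], self.data[n:]
        if len(chunk) < n:
            raise ValueError("truncated ClientHello")
        return chunk

    def num(self, width):
        return int.from_bytes(self.take(width), "big")

    def vec(self, width):  # a vector: width-byte length, then that many bytes
        return Reader(self.take(self.num(width)))


def summarize(hello):
    """Summarize a ClientHello body (the bytes after the 4-byte handshake header)."""
    r, found = Reader(hello), {GROUPS: [], VERSIONS: [], KEY_SHARE: []}
    r.take(2 + 32)                                # legacy_version, random
    for width in (1, 2, 1):                       # session_id, cipher_suites, compression
        r.vec(width)
    exts = r.vec(2) if r.data else Reader(b"")    # the extensions block is optional
    while exts.data:
        ext_type, body = exts.num(2), exts.vec(2)
        if ext_type in PREFIX:
            items = body.vec(PREFIX[ext_type])
            while items.data:
                found[ext_type].append(items.num(2))
                if ext_type == KEY_SHARE:
                    items.vec(2)                  # skip the key_exchange bytes
    return {"tls13": 0x0304 in found[VERSIONS], "groups": found[GROUPS],
            "key_shares": found[KEY_SHARE]}


# Constructed sample, not captured traffic: offers TLS 1.3 and 1.2, lists x25519,
# secp256r1 and secp384r1, and sends a key share for x25519 only.
SAMPLE = (bytes.fromhex("0303") + bytes(32) + bytes.fromhex("00 0002 1301 0100 003f")
          + bytes.fromhex("000a 0008 0006 001d 0017 0018 002b 0005 04 0304 0303")
          + bytes.fromhex("0033 0026 0024 001d 0020") + bytes(32))

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running `summarize` over the ClientHello of every trial and grouping the results by outcome shows which of these fields differ between the handshakes that succeed and those that fail.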