[tbb-dev] Determining cipher suites
David Fifield
david at bamsoftware.com
Mon Jun 27 20:52:45 UTC 2016
On Tue, Jun 07, 2016 at 11:21:25AM -0700, Ben Mixon-Baca wrote:
> What is the easiest/fastest way to figure out which cipher suites old
> versions of the tor firefox client exported during the client hello.
You can download old versions here:
https://archive.torproject.org/tor-package-archive/torbrowser/
You can capture traffic with tcpdump and then dissect the client hello
with:
tshark -V -2 -R ssl.handshake.ciphersuites -r file.pcap
Here is the tor source file that shows what ciphers the client tries to
use. I suppose that the actual list may vary depending on what OpenSSL
has available, etc.
https://gitweb.torproject.org/tor.git/tree/src/common/ciphers.inc
The file hasn't changed since 2014:
https://gitweb.torproject.org/tor.git/log/src/common/ciphers.inc
Here's an old ticket having to do with DPI on the ciphersuite list:
https://bugs.torproject.org/4744 "GFW probes based on Tor's SSL cipher list"
More information about the tbb-dev
mailing list