[tor-bugs] #4744 [Tor Bridge]: GFW probes based on Tor's SSL cipher list (?)
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Dec 23 11:57:36 UTC 2011
#4744: GFW probes based on Tor's SSL cipher list (?)
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: blocker | Milestone:
Component: Tor Bridge | Version:
Keywords: | Parent: #4185
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by asn):
Firefox 8.0, in my environment, seems to send the following cipher suites
in ClientHello:
{{{
TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
TLS_RSA_WITH_RC4_128_MD5 (0x0004)
TLS_RSA_WITH_RC4_128_SHA (0x0005)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
}}}
which seem to be the ciphers enabled by default in about:config (in the
`security.ssl3` area), plus the RI ciphersuite (0x00ff).
The current Firefox defaults can be found in:
https://mxr.mozilla.org/mozilla-central/source/netwerk/base/public/security-prefs.js
(and https://hg.mozilla.org/mozilla-central/filelog/c5b90ea7e475/netwerk/base/public/security-prefs.js)
and some relevant code is:
https://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsNSSComponent.cpp#1790
and https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/ssl3con.c#4008
The problem with copy-pasting Firefox's cipher list is that we might run
into problems when Firefox changes its cipher list, as happened with the
SSL DH modulus. Still, I'm not sure if randomization is a better solution
either. It will complicate the implementation (since we will still need to
always have a strong PFS ciphersuite in the "randomized" cipher list), and
I'm not sure if it will help in the long run (China might whitelist cipher
lists, or it might start detecting clients connecting to SSL services that
always have a different cipher list).
I would go with copy-pasting Firefox's cipher list and monitoring the
`security-prefs.js` file for changes.
Thoughts?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4744#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
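The check the comment above is really about, as an added example that is not part of the ticket or of Tor's code: a DPI box (or a bridge operator verifying what Tor actually sends) can pull the cipher_suites vector out of a ClientHello and compare it, order included, against the Firefox 8.0 list quoted in the comment. The ClientHello builder, the parser, and the "other" suite list (`HYPOTHETICAL_OTHER_SUITES`, which is not Tor's real list) are constructed here for the example; the Firefox list is copied from the comment.

```python
"""Added example: fingerprint a TLS ClientHello by its cipher-suite list.
Not part of the ticket or of Tor; the builder/parser and the non-Firefox
list are constructed for illustration."""
import struct

# Firefox 8.0 ClientHello cipher suites, in order, as listed in the ticket.
FIREFOX_8_SUITES = [
    0x00FF, 0xC00A, 0xC014, 0x0088, 0x0087, 0x0038, 0xC00F, 0xC005, 0x0084,
    0x0035, 0x0039, 0xC007, 0xC009, 0xC011, 0xC013, 0x0045, 0x0044, 0x0033,
    0x0032, 0xC00C, 0xC00E, 0xC002, 0xC004, 0x0096, 0x0041, 0x0004, 0x0005,
    0x002F, 0xC008, 0xC012, 0x0016, 0x0013, 0xC00D, 0xC003, 0xFEFF, 0x000A,
]

# Constructed, hypothetical list for a client that is NOT Firefox 8.0.
# This is not Tor's actual cipher list.
HYPOTHETICAL_OTHER_SUITES = [0xC014, 0xC00A, 0x0039, 0x0038, 0x0035, 0x000A]


def build_client_hello(suites, client_random=b"\x00" * 32, session_id=b""):
    """Build a TLS 1.0 record carrying a ClientHello with the given suites.
    Constructed test input: no extensions, null compression only."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (
        b"\x03\x01"                                   # client_version = TLS 1.0
        + client_random                               # 32-byte random
        + bytes([len(session_id)]) + session_id       # session_id<0..32>
        + struct.pack("!H", len(cs)) + cs             # cipher_suites<2..2^16-2>
        + b"\x01\x00"                                 # compression_methods: null
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello_suites(record):
    """Return the cipher-suite IDs (in wire order) from a handshake record
    that holds a ClientHello; raise ValueError on anything malformed."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len:
        raise ValueError("truncated record")
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or len(body) < 35:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                      # skip version + random
    sid_len = body[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack("!H", body[i:i + 2])[0]
            for i in range(pos, pos + cs_len, 2)]


def classify(record):
    """Compare the ClientHello's suite list with Firefox 8.0's.
    Order matters: a DPI signature can key on the exact sequence, so a
    reordered ('randomized') list is reported separately."""
    suites = parse_client_hello_suites(record)
    if suites == FIREFOX_8_SUITES:
        return "firefox-8-exact"
    if set(suites) == set(FIREFOX_8_SUITES):
        return "firefox-8-set-reordered"
    return "not-firefox-8"


if __name__ == "__main__":
    for name, suites in (("firefox", FIREFOX_8_SUITES),
                         ("reordered", list(reversed(FIREFOX_8_SUITES))),
                         ("other", HYPOTHETICAL_OTHER_SUITES)):
        print(name, classify(build_client_hello(suites)))
```

The three-way result mirrors the two options weighed in the comment: an exact copy of the Firefox list is indistinguishable by this check, a shuffled copy still matches as a set but stands out as "always a different order" to a classifier that keys on sequence, and any other list is immediately separable. Keeping the reference list in one place is also what "monitoring security-prefs.js for changes" amounts to in practice: when Firefox's defaults move, this constant is what has to move with them.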