[tor-bugs] #12778 [meek]: Put meek HTTP headers on a diet
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 26 23:15:26 UTC 2014
#12778: Put meek HTTP headers on a diet
-----------------------------+--------------------
Reporter: dcf | Owner: dcf
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: meek | Version:
Resolution: fixed | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------
Changes (by dcf):
* status: new => closed
* resolution: => fixed
Comment:
I shortened the session ID (to 8 bytes, 11 base64-encoded) in
[https://gitweb.torproject.org/pluggable-
transports/meek.git/commit/?id=4812b9a8b6c0b1798b7980d0a7f04d25dae4b396
4812b9a8].
I removed extraneous headers from the Firefox helper in
[https://gitweb.torproject.org/pluggable-
transports/meek.git/commit/?id=0e6ced86880b54f57a80b34d7f1b32a0eaa33b48
0e6ced86].
In order to shorten meek-client's session ID, I had to lower meek-server's
requirement for session ID length in [https://gitweb.torproject.org
/pluggable-
transports/meek.git/commit/?id=c8f2dd1e6717b7fd4f3b96874a68dde9151411b3
c8f2dd1e]. The requirement is a guard against client misimplementations
(like someone forgetting to send the X-Session-Id header), but it was
stricter than it needed to be. The operators of the meek-amazon, meek-
azure, and meek-google backends have already upgraded. If someone uses an
client with short IDs with an unupgraded server that requires longer IDs,
the connection will fail with a 400 Bad Request error.
The client header, with the Firefox helper, now looks like this, about 162
bytes:
{{{
POST / HTTP/1.1\r\n
X-Session-Id: NTfizNtP+EU\r\n
Host: meek-reflect.appspot.com\r\n
Content-Type:application/octet-stream\r\n
Content-Length: 543\r\n
Connection: keep-alive\r\n
\r\n
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12778#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list