[tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Feb 7 23:17:13 UTC 2019 

#29430: Use uTLS for meek TLS camouflage in Tor Browser
------------------------------------------+-----------------------
     Reporter:  dcf                       |      Owner:  tbb-team
         Type:  enhancement               |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  meek utls
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+-----------------------
 Now that meek and meek_lite have or will soon have support for TLS
 camouflage using uTLS (#29077), we have the option of using that instead
 of the meek-http-helper headless Firefox extension.

 The torrc line:
 {{{
 ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-
 client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client
 }}}
 will lose the meek-client-torbrowser to become just
 {{{
 ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-
 client
 }}}

 In bridge_prefs.js, the bridge line will get an additional `utls`
 parameter:
 {{{
 meek 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE
 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com
 utls=HelloIOS_Auto
 }}}

 There's the option of continuing to use the same meek repo as we do now;
 or of removing that code and using obfs4proxy instead, since they both
 have uTLS support. Using obfs4proxy will have the advantage of smaller
 packaging, because there will be one binary instead of two.

 There's one more complication, which is tor-launcher and Moat. tor-
 launcher has its own meek configuration separate from Tor Browser's. It
 gets the path to the meek-client executable [https://gitweb.torproject.org
 /tor-launcher.git/tree/src/chrome/content/network-
 settings.js?h=0.2.18#n539 from the control port] (ultimately from torrc-
 defaults), but it has [https://gitweb.torproject.org/tor-
 launcher.git/tree/src/defaults/preferences/prefs.js?h=0.2.18#n48 its own
 version] of the `url=` and `front=` parameters, and it
 [https://gitweb.torproject.org/tor-launcher.git/tree/src/modules/tl-
 bridgedb.jsm?h=0.2.18#n211 passes those to the executable] to the
 executable as `-url` and `-front` command line arguments, not as SOCKS
 args. meek-client with uTLS has a `-utls` command line arg, so that's easy
 to adapt; but since obfs4proxy doesn't understand those command line args,
 either obfs4proxy would have to add them, or tor-launcher would have to
 start passing them as SOCKS args.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29430>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list