[tor-bugs] #29077 [Obfuscation/meek]: uTLS for meek-client camouflage
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 22 04:48:10 UTC 2019
#29077: uTLS for meek-client camouflage
------------------------------+---------------------
Reporter: dcf | Owner: dcf
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Obfuscation/meek | Version:
Severity: Normal | Resolution:
Keywords: moat utls | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+---------------------
Comment (by yawning):
Replying to [comment:1 dcf]:
> (b) causes the server to select a feature that the client advertised in
> its fake fingerprint but doesn't actually support. When this happens, you
> get an error in the meek-client log like
> {{{
> error in handling request: tls: server selected unsupported group
> }}}
Probably old news, but since this happens with the `Firefox_Auto` preset
on the Azure bridge, I looked into it a bit, and it is primarily caused by
`utls`'s support for curves other than X25519 being non-existent in
certain cases.
This is code inherited from `crypto/tls`, and the issue arises from the
assumption that the server will always negotiate X25519
(ajax.aspnetcdn.com will pick `secp256r1`) if it is present in the
ClientHello's Supported Curves extension.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29077#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
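Added example, not part of the original message and not code from `utls` or `crypto/tls`: a pre-flight check for the mismatch discussed above, listing groups that a ClientHello advertises in its supported_groups extension but that the client could not use if the server selected them. The sample extension bytes and the X25519-only capability set are constructed assumptions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// IANA TLS Supported Groups registry values.
const secp256r1, secp384r1, x25519 uint16 = 23, 24, 29

// parseSupportedGroups decodes the body of a supported_groups extension
// (RFC 8446 section 4.2.7): a 2-byte list length, then 2-byte group IDs.
func parseSupportedGroups(body []byte) ([]uint16, error) {
	if len(body) < 2 {
		return nil, errors.New("short extension body")
	}
	n := int(binary.BigEndian.Uint16(body))
	if n != len(body)-2 || n%2 != 0 {
		return nil, errors.New("bad named_group_list length")
	}
	groups := make([]uint16, 0, n/2)
	for i := 2; i < len(body); i += 2 {
		groups = append(groups, binary.BigEndian.Uint16(body[i:]))
	}
	return groups, nil
}

// isGREASE reports RFC 8701 placeholder values (0x0a0a, 0x1a1a, ...), which servers ignore.
func isGREASE(g uint16) bool { return g&0x0f0f == 0x0a0a && g>>8 == g&0xff }

// unusableGroups returns advertised groups the client has no key exchange for.
func unusableGroups(advertised []uint16, implemented map[uint16]bool) []uint16 {
	var out []uint16
	for _, g := range advertised {
		if !isGREASE(g) && !implemented[g] {
			out = append(out, g)
		}
	}
	return out
}

// Constructed sample: GREASE, x25519, secp256r1, secp384r1.
var sampleExt = []byte{0x00, 0x08, 0x0a, 0x0a, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}

func main() {
	groups, _ := parseSupportedGroups(sampleExt)
	fmt.Println(unusableGroups(groups, map[uint16]bool{x25519: true})) // assumed: X25519 only
}
```

Any group this reports is one a server is entitled to pick, so a camouflage preset should be tested against servers that prefer each of them.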