[tor-talk] Tor and resumed TLS handshakes
Mansour Moufid
mansourmoufid at gmail.com
Mon Sep 26 01:25:00 UTC 2011
Hello list,
I'm reading about TLS, and just read more about the "resumed TLS
handshake" shortcut.
Apparently the "session ID"/"resume" value in ServerHello/ClientHello
can be a privacy concern. [1] I think it might also conflict with the
goals of Tor, so I was curious if Torbutton was blocking it. This is
what I tried, to check Torbutton, on an Ubuntu LiveCD:
Install Tor, polipo, check it works, etc. Then stop Tor and instead
set up a local SOCKS proxy with SSH:
ubuntu@ubuntu:~$ sudo service tor stop
ubuntu@ubuntu:~$ ssh -D 9050 ubuntu@localhost
(Leaving polipo as-is.)
Install ssldump. Start Firefox with Torbutton toggled. Go to some
HTTPS-enabled site, like Twitter, but first start ssldump. ssldump
prints the "session ID" field first sent by the server:
ubuntu@ubuntu:~$ sudo ssldump -d -i eth0 | grep -A4 ServerHello
ServerHello
Version 3.1
session_id[32]=
69 46 56 83 f5 06 88 20 85 56 96 1a 6f 91 31 74
51 85 11 85 10 e5 6f 5b 43 07 0c 27 83 8c f8 a4
...
Use Twitter some more... ssldump shows the browser parroting the same
number back:
ubuntu@ubuntu:~$ sudo ssldump -d -i eth0 | grep -A4 ClientHello
ClientHello
Version 3.1
resume [32]=
69 46 56 83 f5 06 88 20 85 56 96 1a 6f 91 31 74
51 85 11 85 10 e5 6f 5b 43 07 0c 27 83 8c f8 a4
...
Seems like a nice way for Google Analytics or others to track users
across exit nodes... Is this likely? Did I miss something?
[1] https://trac.webkit.org/wiki/Fingerprinting#SessionIDs
--
Mansour
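
The manual comparison in the post above can be automated when auditing a client. This is an added example, not part of the original message: it assumes ssldump output in the layout quoted in the post, ID_B is a made-up value, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the ssldump output quoted in the post.
# ID_A is the session ID shown in the post; ID_B is made up for this example.
ID_A = ("69 46 56 83 f5 06 88 20 85 56 96 1a 6f 91 31 74\n"
        "51 85 11 85 10 e5 6f 5b 43 07 0c 27 83 8c f8 a4")
ID_B = ("00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff\n"
        "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff")
SAMPLE = "\n".join([
    "ServerHello", "Version 3.1", "session_id[32]=", ID_A, "...",
    "ClientHello", "Version 3.1", "resume [32]=", ID_A, "...",
    "ServerHello", "Version 3.1", "session_id[32]=", ID_B, "...",
    "ClientHello", "Version 3.1", "...",   # fresh handshake, nothing offered
])

FIELD = re.compile(r"^(session_id|resume)\s*\[(\d+)\]=$")
HEX_LINE = re.compile(r"^(?:[0-9a-f]{2}\s+)*[0-9a-f]{2}$")

def parse_ids(text):
    """Yield (message, field, hex_id) for every session_id/resume field."""
    message = field = None
    want, buf = 0, []
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("ClientHello", "ServerHello"):
            message, field = line, None
            continue
        m = FIELD.match(line)
        if m and message:
            field, want, buf = m.group(1), int(m.group(2)), []
        elif field and HEX_LINE.match(line):
            buf.extend(line.split())
            if len(buf) >= want:          # all announced bytes collected
                yield message, field, "".join(buf[:want])
                field = None
        else:
            field = None                  # truncated or unrelated line

def resumed_sessions(text):
    """Return IDs a ClientHello offered that a ServerHello issued earlier."""
    issued, reused = set(), []
    for message, field, hex_id in parse_ids(text):
        if message == "ServerHello" and field == "session_id":
            issued.add(hex_id)
        elif message == "ClientHello" and field == "resume" and hex_id in issued:
            reused.append(hex_id)
    return reused

if __name__ == "__main__":
    print(resumed_sessions(SAMPLE))
```

An empty result over a capture that spans an identity change means the client did not offer any previously issued session ID in that capture.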