Delivery-Date: Tue, 09 Feb 2016 16:50:02 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id E0A521E0676;
	Tue,  9 Feb 2016 16:50:00 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id C8625390F8;
	Tue,  9 Feb 2016 21:49:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id EE030390B0
 for <tor-talk@lists.torproject.org>; Tue,  9 Feb 2016 21:49:52 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id R_CbmT3Dnsy9 for <tor-talk@lists.torproject.org>;
 Tue,  9 Feb 2016 21:49:52 +0000 (UTC)
Received: from melchior.bamsoftware.com (melchior.bamsoftware.com
 [IPv6:2600:3c00::f03c:91ff:fe96:a467])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id CA00C39086
 for <tor-talk@lists.torproject.org>; Tue,  9 Feb 2016 21:49:52 +0000 (UTC)
Received: from dhcp-153-76.eecs.berkeley.edu ([128.32.153.76] helo=localhost)
 by melchior.bamsoftware.com with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84)
 (envelope-from <david@bamsoftware.com>) id 1aTGAQ-0000D6-6w
 for tor-talk@lists.torproject.org; Tue, 09 Feb 2016 14:49:50 -0700
Date: Tue, 9 Feb 2016 13:49:47 -0800
From: David Fifield <david@bamsoftware.com>
To: tor-talk@lists.torproject.org
Message-ID: <20160209214947.GA7393@happy.bamsoftware.com>
Mail-Followup-To: tor-talk@lists.torproject.org
References: <512753.35066cc4fbb034893b3e6b4367260666f40ff82e@popretr.messagingengine.com>
 <20160208230203.GH9697@happy.bamsoftware.com>
 <1454980907.2669078.515718922.7CAB0F20@webmail.messagingengine.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1454980907.2669078.515718922.7CAB0F20@webmail.messagingengine.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam_score: -2.9
X-Spam_bar: --
Subject: Re: [tor-talk] meek-azure was blocked in China for about 4 days
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Mon, Feb 08, 2016 at 08:21:47PM -0500, Nathan Freitas wrote:
> On Mon, Feb 8, 2016, at 06:02 PM, David Fifield wrote:
> > For about four days (January 29 to February 1, 2016), meek-azure was
> > blocked in China. The blocking may not have been intended for
> > meek-azure, and may not have been deliberate blocking, but it had the
> > effect of blocking the service. It is unblocked again since February 2.
> > 
> > The nature of the event seems to be dropping of HTTPS connections to a
> > specific Azure CDN edge server, cs3.wpc.v0cdn.net, which at the time had
> > an IP address of 68.232.45.200. Plain HTTP connections were not
> > affected. The blocking was not DNS blocking of a specific domain name,
> > nor was it TLS SNI (Server Name Indication) filtering: all domain names
> > we tried for the IP address failed equally.
> 
> Was it port 443 only? What if HTTPS was also made available on port
> 8443? Would that still allow the domain fronting to work?

It would work on any alternate port, but there's no reason why Azure
would open up an extra HTTPS port. We're not in control of that part.

I don't know if the TLS blocking was affecting any other ports. I only
tested using the GreatFire.org testing service.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

