Message-ID: <55442543.5090209@tvdw.eu>
Date: Fri, 01 May 2015 18:15:47 -0700
From: Tom van der Woerdt <info@tvdw.eu>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] What is being detected to alert upon?

The security added by Tor mimicking Firefox' TLS hello is questionable. 
It's a leftover concept from the initial versions of Tor, before 
pluggable transports became a thing.

Tor is pretty easy to fingerprint, and as all relays are published in the 
consensus anyway, fingerprinting isn't a big deal.

Bridges might have some very small benefit from looking like an old 
Firefox, but this is not proven. Also, pluggable transports completely 
eliminate the need for fingerprint resistance in Tor.

Tom

Allen wrote on 01/05/15 at 07:41:
> I didn't see an answer to this question, but I did compare the TLS Hellos
> from Firefox and the Tor binary distributed by torproject.org and there are
> lots of differences (see the two files attached), so I'm not sure this is
> worth worrying about...
>
>
> -----Original Message-----
> From: Allen [mailto:allenpmd@gmail.com]
> Sent: Thursday, April 30, 2015 5:49 PM
> To: tor-talk@lists.torproject.org
> Subject: RE: [tor-talk] What is being detected to alert upon?
>
>> a connection to a Tor bridge looks kind of like regular TLS traffic.
>
> Question: I recompiled OpenSSL to remove a bunch of features that look
> unnecessary and might present a security risk, such as SSL2, SSL3 and DTLS.
> (In case it matters, it is OpenSSL v1.0.2a and the specific configure
> options are no-ssl2 no-ssl3 no-idea no-dtls no-psk no-srp no-dso no-npn
> no-hw no-engines -DOPENSSL_NO_HEARTBEATS -DOPENSSL_USE_IPV6=0).
>
> I'm using this rebuilt DLL with Tor.  Does this compromise Tor's TLS
> handshake so that it no longer looks like Firefox?  If so, what do I need to
> do to allow Tor to mimic Firefox's TLS handshake?
>
>
>

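Added example (not part of the original messages and not Tor's code): the kind of comparison described in the thread, reduced to the ClientHello fields a passive observer can fingerprint. The byte strings are constructed samples, not captures from Tor or Firefox, and the function names are chosen here for illustration.

```python
import struct

def build_client_hello(ciphers, extensions, version=0x0303):
    """Constructed sample data: a minimal ClientHello inside one TLS record."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = struct.pack("!H", version) + bytes(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + struct.pack(f"!{len(ciphers)}H", *ciphers)
    body += b"\x01\x00" + struct.pack("!H", len(exts)) + exts  # null compression, extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Extract the fields that differ between TLS stacks and builds."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                                   # skip client_version and random
    pos += 1 + body[pos]                           # skip session id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    ciphers = list(struct.unpack_from(f"!{cs_len // 2}H", body, pos + 2))
    pos += 2 + cs_len
    pos += 1 + body[pos]                           # skip compression methods
    extensions = []
    if pos < len(body):                            # extensions are optional
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            extensions.append(ext_type)
            pos += 4 + ext_len
    return {"version": version, "ciphers": ciphers, "extensions": extensions}

def diff_hellos(a, b):
    """Compare two parsed hellos; list order counts, as it does for a fingerprint."""
    return {
        "ciphers_only_in_a": [c for c in a["ciphers"] if c not in b["ciphers"]],
        "extensions_only_in_a": [e for e in a["extensions"] if e not in b["extensions"]],
        "same_fingerprint": a == b,
    }

# Constructed samples: one hello offering an IDEA suite (0x0007) and the heartbeat
# extension (0x000f), and one without them, as a build with those features removed might send.
FULL = build_client_hello([0xC02F, 0xC030, 0x0007], [(0x0023, b""), (0x000F, b"\x01")])
TRIMMED = build_client_hello([0xC02F, 0xC030], [(0x0023, b"")])

if __name__ == "__main__":
    print(diff_hellos(parse_client_hello(FULL), parse_client_hello(TRIMMED)))
```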

