Delivery-Date: Fri, 20 May 2016 21:43:39 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=no version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [138.201.14.202])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 0C3571E0C65;
	Fri, 20 May 2016 21:43:37 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 19C11E048A;
	Sat, 21 May 2016 01:43:30 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 792D2E03E0
 for <tor-talk@lists.torproject.org>; Sat, 21 May 2016 01:43:25 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id HJi1CXUkhsxy for <tor-talk@lists.torproject.org>;
 Sat, 21 May 2016 01:43:25 +0000 (UTC)
Received: from melchior.bamsoftware.com (melchior.bamsoftware.com
 [IPv6:2600:3c00:e000:128:de39:20ee:9704:752d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 2CDDEE03D0
 for <tor-talk@lists.torproject.org>; Sat, 21 May 2016 01:43:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=bamsoftware.com; s=mail; 
 h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date;
 bh=j2Ry37abDVoJuyuniWQwpP0HpIFgV5Bs4/87NAidaN4=; 
 b=UTM5aEaqCE5EYt8by91CFd4d9Be3OLXG93xQHE98K43eUww7fR333GA49ZBB1RYpMaUDOHeb3gFFilTRHMqRjxY/d6w9BXNLhKfvDCArEKZjooV8jBxJso3A9z/ENytiWPJUnAeOEDci4ho9rBj0V+INJUWhvr5Huze0IDNw/H8=;
Date: Fri, 20 May 2016 18:42:57 -0700
From: David Fifield <david@bamsoftware.com>
To: tor-talk@lists.torproject.org
Message-ID: <20160521014257.GA13762@happy.bamsoftware.com>
Mail-Followup-To: tor-talk@lists.torproject.org
References: <C32F85D1-4226-4650-B38C-237D860D4F56@gmail.com>
 <20160508203747.GA25441@happy.bamsoftware.com>
 <20160512024017.GD14712@happy.bamsoftware.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20160512024017.GD14712@happy.bamsoftware.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
X-Spam_score: -2.9
X-Spam_bar: --
Subject: Re: [tor-talk] Pluggable Transports and DPI
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Wed, May 11, 2016 at 07:40:17PM -0700, David Fifield wrote:
> On Sun, May 08, 2016 at 01:37:47PM -0700, David Fifield wrote:
> > With the meek blocking, it might be that they are doing some kind of
> > timing analysis, or it might be that we screwed up something simple like
> > the TLS signature. Could you try it in these configurations?
> > 	Tor Browser 5.5.5 https://blog.torproject.org/blog/tor-browser-555-released
> > 	Tor Browser 6.0a5 https://blog.torproject.org/blog/tor-browser-60a5-released
> > 	meek_lite in obfs4proxy
> > TB 6.0a5 uses a different version of Firefox than 5.5.5, so the TLS
> > signature might be different (I haven't checked yet). To run meek_lite,
> > use a torrc file like this one:
> > 	UseBridges 1
> > 	ClientTransportPlugin meek_lite exec ./obfs4proxy
> > 	Bridge meek_lite 0.0.3.0:5 url=https://meek-reflect.appspot.com/ front=www.google.com
> 
> Justin helped me by running some tests and we think we know how this
> Cyberoam device is blocking meek connections. It blocks TLS connections
> that have the Firefox 38's TLS signature and that have an SNI field that
> is one of our front domains: www.google.com, a0.awsstatic.com,
> ajax.aspnetcdn.com.

If you're curious about what changed in the TLS fingerprint between
Firefox 38 and 45, I did a dissection of the first client hello. The
only difference is in the Application Layer Protocol Negotiation
extension (RFC 7301). The new fingerprint omits support for draft
versions of HTTP/2 (h2-14, h2-15, h2-16).

https://trac.torproject.org/projects/tor/wiki/doc/meek/SampleClientHellos#Firefox38.8.0esronDebianstretchsid2016-05-20
https://trac.torproject.org/projects/tor/wiki/doc/meek/SampleClientHellos#Firefox45.0.2esronDebianstretchsid2016-05-20

 Secure Sockets Layer
     TLSv1.2 Record Layer: Handshake Protocol: Client Hello
         Content Type: Handshake (22)
         Version: TLS 1.0 (0x0301)
-        Length: 205
+        Length: 187
         Handshake Protocol: Client Hello
             Handshake Type: Client Hello (1)
-            Length: 201
+            Length: 183
             Version: TLS 1.2 (0x0303)
             Random
-                GMT Unix Time: Jul  7, 2073 20:16:39.000000000 PDT
-                Random Bytes: ffb333dea40c3d3d9b1fec5a4597a4775586382abfe0ee05...
+                GMT Unix Time: Feb 20, 2060 19:25:19.000000000 PST
+                Random Bytes: 54f218375ad711853b36f8becbd4b085f0e3f53bb48d4149...
             Session ID Length: 0
             Cipher Suites Length: 22
             Cipher Suites (11 suites)
                 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                 Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                 Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                 Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                 Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                 Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
             Compression Methods Length: 1
             Compression Methods (1 method)
                 Compression Method: null (0)
-            Extensions Length: 138
+            Extensions Length: 120
             Extension: server_name
                 Type: server_name (0x0000)
                 Length: 23
                 Server Name Indication extension
                     Server Name list length: 21
                     Server Name Type: host_name (0)
                     Server Name length: 18
                     Server Name: ajax.aspnetcdn.com
             Extension: renegotiation_info
                 Type: renegotiation_info (0xff01)
                 Length: 1
                 Renegotiation Info extension
                     Renegotiation info extension length: 0
             Extension: elliptic_curves
                 Type: elliptic_curves (0x000a)
                 Length: 8
                 Elliptic Curves Length: 6
                 Elliptic curves (3 curves)
                     Elliptic curve: secp256r1 (0x0017)
                     Elliptic curve: secp384r1 (0x0018)
                     Elliptic curve: secp521r1 (0x0019)
             Extension: ec_point_formats
                 Type: ec_point_formats (0x000b)
                 Length: 2
                 EC point formats Length: 1
                 Elliptic curves point formats (1)
                     EC point format: uncompressed (0)
             Extension: SessionTicket TLS
                 Type: SessionTicket TLS (0x0023)
                 Length: 0
                 Data (0 bytes)
             Extension: next_protocol_negotiation
                 Type: next_protocol_negotiation (0x3374)
                 Length: 0
             Extension: Application Layer Protocol Negotiation
                 Type: Application Layer Protocol Negotiation (0x0010)
-                Length: 41
-                ALPN Extension Length: 39
+                Length: 23
+                ALPN Extension Length: 21
                 ALPN Protocol
-                    ALPN string length: 5
-                    ALPN Next Protocol: h2-16
-                    ALPN string length: 5
-                    ALPN Next Protocol: h2-15
-                    ALPN string length: 5
-                    ALPN Next Protocol: h2-14
                     ALPN string length: 2
                     ALPN Next Protocol: h2
                     ALPN string length: 8
                     ALPN Next Protocol: spdy/3.1
                     ALPN string length: 8
                     ALPN Next Protocol: http/1.1
             Extension: status_request
                 Type: status_request (0x0005)
                 Length: 5
                 Certificate Status Type: OCSP (1)
                 Responder ID list Length: 0
                 Request Extensions Length: 0
             Extension: signature_algorithms
                 Type: signature_algorithms (0x000d)
                 Length: 22
                 Signature Hash Algorithms Length: 20
                 Signature Hash Algorithms (10 algorithms)
                     Signature Hash Algorithm: 0x0401
                         Signature Hash Algorithm Hash: SHA256 (4)
                         Signature Hash Algorithm Signature: RSA (1)
                     Signature Hash Algorithm: 0x0501
                         Signature Hash Algorithm Hash: SHA384 (5)
                         Signature Hash Algorithm Signature: RSA (1)
                     Signature Hash Algorithm: 0x0601
                         Signature Hash Algorithm Hash: SHA512 (6)
                         Signature Hash Algorithm Signature: RSA (1)
                     Signature Hash Algorithm: 0x0201
                         Signature Hash Algorithm Hash: SHA1 (2)
                         Signature Hash Algorithm Signature: RSA (1)
                     Signature Hash Algorithm: 0x0403
                         Signature Hash Algorithm Hash: SHA256 (4)
                         Signature Hash Algorithm Signature: ECDSA (3)
                     Signature Hash Algorithm: 0x0503
                         Signature Hash Algorithm Hash: SHA384 (5)
                         Signature Hash Algorithm Signature: ECDSA (3)
                     Signature Hash Algorithm: 0x0603
                         Signature Hash Algorithm Hash: SHA512 (6)
                         Signature Hash Algorithm Signature: ECDSA (3)
                     Signature Hash Algorithm: 0x0203
                         Signature Hash Algorithm Hash: SHA1 (2)
                         Signature Hash Algorithm Signature: ECDSA (3)
                     Signature Hash Algorithm: 0x0402
                         Signature Hash Algorithm Hash: SHA256 (4)
                         Signature Hash Algorithm Signature: DSA (2)
                     Signature Hash Algorithm: 0x0202
                         Signature Hash Algorithm Hash: SHA1 (2)
                         Signature Hash Algorithm Signature: DSA (2)
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

