On Sun, Sep 1, 2024 at 1:46 PM Moorko <m...@moorko.net> wrote: > > Thanks for your detailed response, Daniel. > > I now realize that I clearly missed the big picture here as I'm relatively > new to this domain.
No worries! Looks like you're tackling a tricky problem and asking the right questions :-) > > I'm not sure what "flexible" means specifically. > > I'm implementing a TLS handshake fragmentation feature for OpenConnect so > that it can better resist internet censorship in Iran (and potentially in > other places as well). Ah. We have a tag for Iran-censorship-related issues, definitely peruse these if you haven't already: https://gitlab.com/openconnect/openconnect/-/issues/?label_name%5B%5D=Damet%20Garm Here's a recent and very timely Twitter thread that touches on using packet fragmentation at various layers to defeat censorship: https://twitter.com/endermanch/status/1829648801612906916 As described in this thread, injecting extra fragmentation is AT BEST a stopgap solution, exploiting a lack of (or bugginess in) stateful session tracking, and nation-level censors WILL eventually prevent it from working. > This "fragmentation" can occur at two layers: > > 1. The TLS handshake record layer > > 2. The TCP layer > > I found an API in OpenSSL that allows for modifying the TLS ClientHello > packet for this purpose: > https://docs.openssl.org/master/man3/SSL_CTX_set_split_send_fragment/ > > However, I couldn't find a similar API in GnuTLS. > > Performing TCP layer segmentation for ClientHello is possible in both OpenSSL > and GnuTLS as it is possible in both of them to inject your own transport > layer send() function. > > It is possible to implement TLS record fragmentation in GnuTLS, but it would > require manually handling the entire process within the custom send() > function. This approach feels a bit hacky and might compromise code > consistency. What do you think? Would the team consider merging something > like this? It's probably not a feature that would be used by most users > (since I presume most users don't have censorship problems), but it could > significantly help those trying to evade censorship. > > It was only after I implemented the fragmentation feature that I realized > Linux distributions wouldn't include this change because by default they're > using GnuTLS and I only implemented this for OpenSSL. 😅 Sounds like you've already implemented it for OpenSSL? Does using this API actually allow you to successfully bypass the Divar-e-Bozorg and establish a TLS handshake with a TLS-based VPN server? 😅 And if so, can you share the code/diff? (Perhaps privately if you prefer.) If this technique does actually work for circumventing censorship, I think we could make a very good case for adding a similar capability to GnuTLS and I'd be happy to help with it :-) > > What's the source for this "better performance" claim > > It's probably not valid. I haven't run any benchmarks myself, so I apologize > for making an unverified claim. I read it here: > https://subscription.packtpub.com/book/security/9781800560345/2/ch02lvl1sec06/comparing-openssl-with-gnutls Let's leave this part aside for now since it's probably not the most important problem to solve. Daniel _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
