I didn't see an answer to this question, but I did compare the TLS Hellos from Firefox and the Tor binary distributed by torproject.org and there are lots of differences (see the two files attached), so I'm not sure this is worth worrying about...
-----Original Message-----
From: Allen [mailto:allen...@gmail.com]
Sent: Thursday, April 30, 2015 5:49 PM
To: tor-talk@lists.torproject.org
Subject: RE: [tor-talk] What is being detected to alert upon?

> a connection to a Tor bridge looks kind of like regular TLS traffic.

Question: I recompiled OpenSSL to remove a bunch of features that look unnecessary and might present a security risk, such as SSL2, SSL3 and DTLS. (In case it matters, it is OpenSSL v1.0.2a and the specific configure options are no-ssl2 no-ssl3 no-idea no-dtls no-psk no-srp no-dso no-npn no-hw no-engines -DOPENSSL_NO_HEARTBEATS -DOPENSSL_USE_IPV6=0). I'm using this rebuilt DLL with Tor. Does this compromise Tor's TLS handshake so that it no longer looks like Firefox? If so, what do I need to do to allow Tor to mimic Firefox's TLS handshake?
FireFox 37.0.2

- TLS: TLS Rec Layer-1 HandShake: Client Hello.
- TlsRecordLayer: TLS Rec Layer-1 HandShake:
  ContentType: HandShake:
- Version: TLS 1.0
  Major: 3 (0x3)
  Minor: 1 (0x1)
  Length: 206 (0xCE)
- SSLHandshake: SSL HandShake ClientHello(0x01)
  HandShakeType: ClientHello(0x01)
  Length: 202 (0xCA)
- ClientHello: TLS 1.2
- Version: TLS 1.2
  Major: 3 (0x3)
  Minor: 3 (0x3)
- RandomBytes:
  TimeStamp: 09/20/2025, 21:03:20 .0000 UTC
  RandomBytes: Binary Large Object (28 Bytes)
  SessionIDLength: 0 (0x0)
  CipherSuitesLength: 24
- TLSCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 { 0xC0,0x2B } Cipher: 49195 (0xC02B)
- TLSCipherSuites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 { 0xC0,0x2F } Cipher: 49199 (0xC02F)
- TLSCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA { 0xC0,0x0A } Cipher: 49162 (0xC00A)
- TLSCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA { 0xC0,0x09 } Cipher: 49161 (0xC009)
- TLSCipherSuites: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA { 0xC0,0x13 } Cipher: 49171 (0xC013)
- TLSCipherSuites: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA { 0xC0,0x14 } Cipher: 49172 (0xC014)
- TLSCipherSuites: TLS_DHE_RSA_WITH_AES_128_CBC_SHA { 0x00, 0x33 } Cipher: 51 (0x33)
- TLSCipherSuites: TLS_DHE_RSA_WITH_AES_256_CBC_SHA { 0x00, 0x39 } Cipher: 57 (0x39)
- TLSCipherSuites: TLS_RSA_WITH_AES_128_CBC_SHA { 0x00, 0x2F } Cipher: 47 (0x2F)
- TLSCipherSuites: TLS_RSA_WITH_AES_256_CBC_SHA { 0x00, 0x35 } Cipher: 53 (0x35)
- TLSCipherSuites: TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } Cipher: 10 (0xA)
- TLSCipherSuites: Unknown Cipher Cipher: 255 (0xFF)
  CompressionMethodsLength: 1 (0x1)
  CompressionMethods: 0 (0x0)
  ExtensionsLength: 137 (0x89)
- ClientHelloExtension: Server Name(0x0000)
  ExtensionType: Server Name(0x0000)
  ExtensionLength: 19 (0x13)
  NameListLength: 17 (0x11)
  NameType: Host Name (0)
  NameLength: 14 (0xE)
  ServerName: www.kernel.org
- ClientHelloExtension: EC Point Formats(0x000B)
  ExtensionType: EC Point Formats(0x000B)
  ExtensionLength: 4 (0x4)
  ECPointLength: 3 (0x3)
  ECPointFormat: uncompressed(0x00)
  ECPointFormat: ansiX962_compressed_prime(0x01)
  ECPointFormat: ansiX962_compressed_char2(0x02)
- ClientHelloExtension: Elliptic Curves(0x000A)
  ExtensionType: Elliptic Curves(0x000A)
  ExtensionLength: 8 (0x8)
  CurvesLength: 6 (0x6)
  NamedCurve: secp256r1(0x0017)
  NamedCurve: secp384r1(0x0018)
  NamedCurve: secp521r1(0x0019)
- ClientHelloExtension: SessionTicket TLS(0x0023)
  ExtensionType: SessionTicket TLS(0x0023)
  ExtensionLength: 0 (0x0)
- ClientHelloExtension: Signature Algorithms(0x000D)
  ExtensionType: Signature Algorithms(0x000D)
  ExtensionLength: 32 (0x20)
  Data: Binary Large Object (32 Bytes)
- ClientHelloExtension: Unknown Extension Type
  ExtensionType: Unknown Extension Type
  ExtensionLength: 1 (0x1)
  Data: Binary Large Object (1 Bytes)
- ClientHelloExtension: Unknown Extension Type
  ExtensionType: Unknown Extension Type
  ExtensionLength: 0 (0x0)
- ClientHelloExtension: Unknown Extension Type
  ExtensionType: Unknown Extension Type
  ExtensionLength: 41 (0x29)
  Data: Binary Large Object (41 Bytes)
Tor win32 0.2.6.7

- TLS: TLS Rec Layer-1 HandShake: Client Hello.
- TlsRecordLayer: TLS Rec Layer-1 HandShake:
  ContentType: HandShake:
- Version: TLS 1.0
  Major: 3 (0x3)
  Minor: 1 (0x1)
  Length: 232 (0xE8)
- SSLHandshake: SSL HandShake ClientHello(0x01)
  HandShakeType: ClientHello(0x01)
  Length: 228 (0xE4)
- ClientHello: TLS 1.2
- Version: TLS 1.2
  Major: 3 (0x3)
  Minor: 3 (0x3)
- RandomBytes:
  TimeStamp: 01/26/1978, 07:04:34 .0000 UTC
  RandomBytes: Binary Large Object (28 Bytes)
  SessionIDLength: 0 (0x0)
  CipherSuitesLength: 48
- TLSCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 { 0xC0,0x2B } Cipher: 49195 (0xC02B)
- TLSCipherSuites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 { 0xC0,0x2F } Cipher: 49199 (0xC02F)
- TLSCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA { 0xC0,0x0A } Cipher: 49162 (0xC00A)
- TLSCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA { 0xC0,0x09 } Cipher: 49161 (0xC009)
- TLSCipherSuites: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA { 0xC0,0x13 } Cipher: 49171 (0xC013)
- TLSCipherSuites: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA { 0xC0,0x14 } Cipher: 49172 (0xC014)
- TLSCipherSuites: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA { 0xC0,0x12 } Cipher: 49170 (0xC012)
- TLSCipherSuites: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA { 0xC0,0x07 } Cipher: 49159 (0xC007)
- TLSCipherSuites: TLS_ECDHE_RSA_WITH_RC4_128_SHA { 0xC0,0x11 } Cipher: 49169 (0xC011)
- TLSCipherSuites: TLS_DHE_RSA_WITH_AES_128_CBC_SHA { 0x00, 0x33 } Cipher: 51 (0x33)
- TLSCipherSuites: TLS_DHE_DSS_WITH_AES_128_CBC_SHA { 0x00, 0x32 } Cipher: 50 (0x32)
- TLSCipherSuites: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA { 0x00, 0x45 } Cipher: 69 (0x45)
- TLSCipherSuites: TLS_DHE_RSA_WITH_AES_256_CBC_SHA { 0x00, 0x39 } Cipher: 57 (0x39)
- TLSCipherSuites: TLS_DHE_DSS_WITH_AES_256_CBC_SHA { 0x00, 0x38 } Cipher: 56 (0x38)
- TLSCipherSuites: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA { 0x00, 0x88 } Cipher: 136 (0x88)
- TLSCipherSuites: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x16} Cipher: 22 (0x16)
- TLSCipherSuites: TLS_RSA_WITH_AES_128_CBC_SHA { 0x00, 0x2F } Cipher: 47 (0x2F)
- TLSCipherSuites: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA { 0x00, 0x41 } Cipher: 65 (0x41)
- TLSCipherSuites: TLS_RSA_WITH_AES_256_CBC_SHA { 0x00, 0x35 } Cipher: 53 (0x35)
- TLSCipherSuites: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA { 0x00, 0x84 } Cipher: 132 (0x84)
- TLSCipherSuites: TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } Cipher: 10 (0xA)
- TLSCipherSuites: TLS_RSA_WITH_RC4_128_SHA { 0x00,0x05 } Cipher: 5 (0x5)
- TLSCipherSuites: TLS_RSA_WITH_RC4_128_MD5 { 0x00,0x04 } Cipher: 4 (0x4)
- TLSCipherSuites: Unknown Cipher Cipher: 255 (0xFF)
  CompressionMethodsLength: 1 (0x1)
  CompressionMethods: 0 (0x0)
  ExtensionsLength: 139 (0x8B)
- ClientHelloExtension: Server Name(0x0000)
  ExtensionType: Server Name(0x0000)
  ExtensionLength: 26 (0x1A)
  NameListLength: 24 (0x18)
  NameType: Host Name (0)
  NameLength: 21 (0x15)
  ServerName: www.mqmaoa6ufwefd.com
- ClientHelloExtension: EC Point Formats(0x000B)
  ExtensionType: EC Point Formats(0x000B)
  ExtensionLength: 4 (0x4)
  ECPointLength: 3 (0x3)
  ECPointFormat: uncompressed(0x00)
  ECPointFormat: ansiX962_compressed_prime(0x01)
  ECPointFormat: ansiX962_compressed_char2(0x02)
- ClientHelloExtension: Elliptic Curves(0x000A)
  ExtensionType: Elliptic Curves(0x000A)
  ExtensionLength: 52 (0x34)
  CurvesLength: 50 (0x32)
  NamedCurve: sect571r1(0x000E)
  NamedCurve: sect571k1(0x000D)
  NamedCurve: secp521r1(0x0019)
  NamedCurve: sect409k1(0x000B)
  NamedCurve: sect409r1(0x000C)
  NamedCurve: secp384r1(0x0018)
  NamedCurve: sect283k1(0x0009)
  NamedCurve: sect283r1(0x000A)
  NamedCurve: secp256k1(0x0016)
  NamedCurve: secp256r1(0x0017)
  NamedCurve: sect239k1(0x0008)
  NamedCurve: sect233k1(0x0006)
  NamedCurve: sect233r1(0x0007)
  NamedCurve: secp224k1(0x0014)
  NamedCurve: secp224r1(0x0015)
  NamedCurve: sect193r1(0x0004)
  NamedCurve: sect193r2(0x0005)
  NamedCurve: secp192k1(0x0012)
  NamedCurve: secp192r1(0x0013)
  NamedCurve: sect163k1(0x0001)
  NamedCurve: sect163r1(0x0002)
  NamedCurve: sect163r2(0x0003)
  NamedCurve: secp160k1(0x000F)
  NamedCurve: secp160r1(0x0010)
  NamedCurve: secp160r2(0x0011)
- ClientHelloExtension: SessionTicket TLS(0x0023)
  ExtensionType: SessionTicket TLS(0x0023)
  ExtensionLength: 0 (0x0)
- ClientHelloExtension: Signature Algorithms(0x000D)
  ExtensionType: Signature Algorithms(0x000D)
  ExtensionLength: 32 (0x20)
  Data: Binary Large Object (32 Bytes)
- ClientHelloExtension: Unknown Extension Type
  ExtensionType: Unknown Extension Type
  ExtensionLength: 1 (0x1)
  Data: Binary Large Object (1 Bytes)
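The differences between the two attached ClientHello dumps, computed rather than read off by eye. This is an added example, not part of the original message: the code points are copied from the dumps, and the `fingerprint` scheme is made up for this example rather than taken from any standard or tool.

```python
import hashlib

# Code points copied from the two ClientHello dumps above, in offered order.
FIREFOX_CIPHERS = [0xC02B, 0xC02F, 0xC00A, 0xC009, 0xC013, 0xC014,
                   0x0033, 0x0039, 0x002F, 0x0035, 0x000A, 0x00FF]
TOR_CIPHERS = [0xC02B, 0xC02F, 0xC00A, 0xC009, 0xC013, 0xC014, 0xC012, 0xC007,
               0xC011, 0x0033, 0x0032, 0x0045, 0x0039, 0x0038, 0x0088, 0x0016,
               0x002F, 0x0041, 0x0035, 0x0084, 0x000A, 0x0005, 0x0004, 0x00FF]
FIREFOX_CURVES = [0x17, 0x18, 0x19]
TOR_CURVES = [0x0E, 0x0D, 0x19, 0x0B, 0x0C, 0x18, 0x09, 0x0A, 0x16, 0x17,
              0x08, 0x06, 0x07, 0x14, 0x15, 0x04, 0x05, 0x12, 0x13, 0x01,
              0x02, 0x03, 0x0F, 0x10, 0x11]


def only_in(a, b):
    """Items offered in list a but absent from list b, in a's order."""
    seen = set(b)
    return [x for x in a if x not in seen]


def is_subsequence(short, long):
    """True if every item of short appears in long in the same relative order."""
    it = iter(long)
    return all(x in it for x in short)


def fingerprint(ciphers, curves):
    """Order-sensitive digest of the offered lists (scheme made up for this example)."""
    text = "-".join(f"{c:04x}" for c in ciphers) + "," + \
           "-".join(f"{c:04x}" for c in curves)
    return hashlib.sha256(text.encode()).hexdigest()[:16]


def compare():
    return {
        "tor_only_ciphers": only_in(TOR_CIPHERS, FIREFOX_CIPHERS),
        "firefox_only_ciphers": only_in(FIREFOX_CIPHERS, TOR_CIPHERS),
        "cipher_order_preserved": is_subsequence(FIREFOX_CIPHERS, TOR_CIPHERS),
        "tor_only_curves": only_in(TOR_CURVES, FIREFOX_CURVES),
        "curve_order_preserved": is_subsequence(FIREFOX_CURVES, TOR_CURVES),
        "same_fingerprint": fingerprint(FIREFOX_CIPHERS, FIREFOX_CURVES)
                            == fingerprint(TOR_CIPHERS, TOR_CURVES),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        shown = [f"0x{v:04X}" for v in value] if isinstance(value, list) else value
        print(f"{key}: {shown}")
```

On these two dumps every Firefox cipher suite appears in Tor's list in the same relative order, but Tor offers 12 additional suites and 22 additional curves in a different curve order, so any order-sensitive fingerprint over these fields separates the two clients.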