TLS fingerprinting vulns #11

Closed
klzgrad opened this issue Nov 5, 2017 · 3 comments

Contributor

klzgrad commented Nov 5, 2017

Is the TLS stack used here being audited for fingerprinting potential?

  • The cipher list in ClientHello (Tor had this issue).
  • Other parameters in ClientHello (I noticed there is no padding. Bad.)
  • The certificate format.
  • SNI?
  • I think in theory the TLS state machine in specific implementations will also have identifying information from its state transition.
Member

GreaterFire commented Nov 5, 2017

Thank you for your report. Can you please specify your listed vulnerabilities so that I can make improvements? For example, I don't know what you mean by SNI. Trojan indeed adds SNI in Client Hello.
BTW, can you elaborate on the reasons we need Client Hello padding?

GreaterFire self-assigned this Nov 5, 2017

Contributor Author

klzgrad commented Nov 5, 2017

There are no immediate issues to fix as I was just asking if you are aware of the list of potential TLS fingerprinting features because I didn't see any claims in the docs about it and a cursory look found at least the cipher list seemed quite unique. Tor had the lesson of getting detected by the GFW via TLS fingerprinting. It shouldn't be repeated.
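
An audit sketch for the ClientHello features listed in this thread (cipher list, extension set, padding, SNI), added here as an example and not code from Trojan or from either commenter: it parses a client's ClientHello record and reports which features differ from a reference hello. The helper names and both sample hellos are constructed assumptions.

```python
import struct
EXT_SNI, EXT_PADDING = 0, 21  # RFC 6066 server_name, RFC 7685 padding

def build_client_hello(ciphers, extensions):
    """Build a constructed TLS 1.2 ClientHello record (test input, not a capture)."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32) + b"\x00"        # version, random, empty session id
            + struct.pack("!H", 2 * len(ciphers))
            + b"".join(struct.pack("!H", c) for c in ciphers)
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)  # null compression, extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def sni_ext(host):
    entry = b"\x00" + struct.pack("!H", len(host)) + host.encode("ascii")
    return (EXT_SNI, struct.pack("!H", len(entry)) + entry)

def parse_client_hello(record):
    """Extract the ClientHello fields the issue lists as fingerprinting features."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    pos = 43                                  # 5 record hdr + 4 handshake hdr + 2 version + 32 random
    pos += 1 + record[pos]                    # skip session id
    (n,) = struct.unpack_from("!H", record, pos)
    ciphers = list(struct.unpack_from("!%dH" % (n // 2), record, pos + 2))
    pos += 2 + n
    pos += 1 + record[pos]                    # skip compression methods
    feats = {"ciphers": ciphers, "extensions": [], "sni": None}
    if pos < len(record):                     # the extensions block is optional
        (total,) = struct.unpack_from("!H", record, pos)
        pos, end = pos + 2, pos + 2 + total
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, pos)
            if etype == EXT_SNI:              # skip list length, name type, name length
                feats["sni"] = record[pos + 9:pos + 4 + elen].decode("ascii")
            feats["extensions"].append(etype)
            pos += 4 + elen
    feats["padding"] = EXT_PADDING in feats["extensions"]
    return feats

def differing_features(client, reference):
    """Features (SNI value aside) where the audited hello differs from the reference."""
    a, b = parse_client_hello(client), parse_client_hello(reference)
    return sorted(k for k in ("ciphers", "extensions", "padding") if a[k] != b[k])

# Constructed samples: neither cipher list is taken from a real client.
REFERENCE = build_client_hello([0xC02B, 0xC02F, 0x009C],
                               [sni_ext("example.com"), (EXT_PADDING, bytes(8))])
AUDITED = build_client_hello([0xC030, 0x002F], [sni_ext("example.com")])
```

An empty result from `differing_features` means the audited hello matches the reference on these fields only; it says nothing about the certificate format or state-machine behaviour also raised in the issue.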

Contributor Author

klzgrad commented Nov 25, 2017

Merge into #13.

klzgrad closed this as completed Nov 25, 2017