ScrambleSuit session ticket handshake failures
At first I thought this was an obfsclient problem, but I can get the same behaviour to happen with obfsproxy.
How to reproduce:
- Do a UniformDH handshake to obtain a session ticket.
- Kill tor/obfsproxy
- Wait 30 mins
- Try to connect (SessionTicket will be used)
- The session ticket handshake fails.
Looking at the obfsproxy logs (with the debug level), it is pulling the previously saved ticket from disk and sending a handshake message after doing deriving all the keys.
The only "real" bridge I tested against was the one that phw runs (identifies itself as ScrambleSuit0) that was posted to tor-talk back in October, since I'm not sufficiently human to solve the BridgeDB captcha, so this may be a issue with the version of the code that's running on the bridge, and not something that I will run into in the wild.
When I run a local bridge, I can't reproduce this behaviour either.
(On a side note, obfsproxy does not appear to implement a timeout, it takes 5 mins for tor to give up, and tor does not appear to retry when a UniformDH handshake would succeed. From a user's perspective, the UX isn't great if their ticket happens to expire.)