GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened Oct 23, 2018 by David Fifield (@dcf)

Use ESNI via Firefox HTTPS helper

As of 2018-10-18, Firefox Nightly supports encrypted SNI, and Cloudflare supports it on the server side. Because meek supports using Firefox as a channel for issuing HTTPS requests, it ought to be pretty easy to adapt the meek client software to use ESNI rather than domain fronting. The server software doesn't need any change.

These steps are untested:

  1. Download Tor Browser and Firefox Nightly.
  2. Go to about:config in Firefox Nightly and set
    • network.trr.mode=3
    • network.trr.uri=https://1.1.1.1/dns-query
    • network.security.esni.enabled=true
  3. Copy the meek-http-helper@bamsoftware.com.xpi from Tor Browser to Firefox Nightly.
  4. Hack meek-client-torbrowser/{mac,linux,windows}.go to point firefoxPath at the copy of Firefox Nightly and disable the custom profile. (Additional hacks to remove hardcoded Tor Browser assumptions may be required.)
  5. Set up a Cloudflare instance pointing to https://meek.bamsoftware.com/, call it https://meek.example.com/.
  6. Set up a custom bridge (doc/meek#Howtochangethefrontdomain) in Tor Browser, using url= without front= (because we're no longer domain fronting).
     bridge meek 0.0.2.0:3 url=https://meek.example.com/

Of course, once ESNI support makes it into the version of Firefox used by Tor Browser, this will be even easier, not requiring a separate Firefox Nightly.
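
To illustrate the difference step 6 relies on, the following is an added example (not meek's own code and not part of the original issue) that parses a meek bridge line and derives which hostname is used for the TLS connection and which goes in the HTTP Host header, with and without front=. The `Plan` type and `ParseBridgeLine` function are hypothetical names, and the fronted sample line is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Plan is a hypothetical type for this example (not part of meek).
type Plan struct {
	DialHost   string // name resolved and used for TLS SNI (cleartext unless ESNI is on)
	HostHeader string // HTTP Host header, only visible inside the TLS tunnel
	Fronted    bool   // true when front= makes the SNI differ from the Host header
}

// ParseBridgeLine reads "[bridge] meek ADDR key=value ..." and derives the Plan.
func ParseBridgeLine(line string) (Plan, error) {
	f := strings.Fields(strings.TrimPrefix(line, "bridge "))
	if len(f) < 2 || f[0] != "meek" {
		return Plan{}, errors.New("not a meek bridge line")
	}
	args := map[string]string{}
	for _, kv := range f[2:] {
		parts := strings.SplitN(kv, "=", 2)
		if len(parts) != 2 {
			return Plan{}, fmt.Errorf("bad argument %q", kv)
		}
		args[parts[0]] = parts[1]
	}
	u, err := url.Parse(args["url"])
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return Plan{}, errors.New("url= must be an https URL")
	}
	p := Plan{DialHost: u.Hostname(), HostHeader: u.Host}
	if front := args["front"]; front != "" {
		p.DialHost, p.Fronted = front, true // domain fronting: SNI shows the front
	}
	return p, nil
}

func main() {
	// The first line is from the issue; the fronted line is constructed.
	for _, l := range []string{"bridge meek 0.0.2.0:3 url=https://meek.example.com/",
		"meek 0.0.2.0:2 url=https://meek.example.com/ front=front.example.net"} {
		fmt.Println(ParseBridgeLine(l))
	}
}
```

Without front=, the dialed name and the Host header are the same, so hiding the destination depends entirely on the browser helper encrypting the SNI.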

Reference: legacy/trac#28168