Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #29430

Closed (moved)
Open
Opened Feb 07, 2019 by David Fifield@dcf

Use uTLS for meek TLS camouflage in Tor Browser

Now that meek and meek_lite have or will soon have support for TLS camouflage using uTLS (#29077 (moved)), we have the option of using that instead of the meek-http-helper headless Firefox extension.

The torrc line:

ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client

will lose the meek-client-torbrowser to become just

ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client

In bridge_prefs.js, the bridge line will get an additional utls parameter:

meek 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com utls=HelloIOS_Auto

There's the option of continuing to use the same meek repo as we do now; or of removing that code and using obfs4proxy instead, since they both have uTLS support. Using obfs4proxy will have the advantage of smaller packaging, because there will be one binary instead of two.

There's one more complication, which is tor-launcher and Moat. tor-launcher has its own meek configuration separate from Tor Browser's. It gets the path to the meek-client executable from the control port (ultimately from torrc-defaults), but it has its own version of the url= and front= parameters, and it passes those to the executable to the executable as -url and -front command line arguments, not as SOCKS args. meek-client with uTLS has a -utls command line arg, so that's easy to adapt; but since obfs4proxy doesn't understand those command line args, either obfs4proxy would have to add them, or tor-launcher would have to start passing them as SOCKS args.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#29430