Changes

Alexander Hansen Færøy · a1a4b621
--- a/doc/meek/SampleClientHellos.md
+++ b/doc/meek/SampleClientHellos.md
 This is a collection of TLS client hellos that were studied while trying to give [[meek]] a TLS signature like a browser. See #11183.
-{{{
+```
 tshark -V -2 -R ssl.handshake.ciphersuites -r file.pcap
-}}}
+```
 Old versions of Firefox: https://ftp.mozilla.org/pub/firefox/releases/
 [[PageOutline(1-6,Contents,inline,unnumbered)]]
 == meek-client f748701c (2014-02-08)
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -72,10 +72,10 @@ Secure Sockets Layer
                Type: signature_algorithms (0x000d)
                Length: 10
                Data (10 bytes)
-}}}
+```
 == Chrome 33.0.1750.152 Mac OS X 10.9.2 (03/31/2014)
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -169,10 +169,10 @@ Secure Sockets Layer
                Type: Unknown (0x0012)
                Length: 0
                Data (0 bytes)
-}}}
+```
 == Chromium 31.0.1650.63 Debian jessie/sid (238485).
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -260,11 +260,11 @@ Secure Sockets Layer
                Type: signature_algorithms (0x000d)
                Length: 18
                Data (18 bytes)
-}}}
+```
-== GoAgent 3.1.5 [https://github.com/goagent/goagent/commit/6287469afd3b84fb1a4dda69a33d26108e7246a6 6287469afd] (2014-02-28)
+== GoAgent 3.1.5 [6287469afd](https://github.com/goagent/goagent/commit/6287469afd3b84fb1a4dda69a33d26108e7246a6) (2014-02-28)
-Note that no server_name extension is sent. The ciphersuite list is defined [https://github.com/goagent/goagent/blob/6287469afd3b84fb1a4dda69a33d26108e7246a6/local/proxy.py#L802 here], but it doesn't seem to be used unless the [https://github.com/goagent/goagent/blob/6287469afd3b84fb1a4dda69a33d26108e7246a6/local/proxy.py#L871 obfuscate option is set]. If obfuscate is set, it randomly throws out half the ciphers in expectation. Weird stuff: TLSv1.1 (most everything else is either TLSv1.0 or TLSv1.2), large list of supported elliptic curves.
+Note that no server_name extension is sent. The ciphersuite list is defined [here](https://github.com/goagent/goagent/blob/6287469afd3b84fb1a4dda69a33d26108e7246a6/local/proxy.py#L802), but it doesn't seem to be used unless the [obfuscate option is set](https://github.com/goagent/goagent/blob/6287469afd3b84fb1a4dda69a33d26108e7246a6/local/proxy.py#L871). If obfuscate is set, it randomly throws out half the ciphers in expectation. Weird stuff: TLSv1.1 (most everything else is either TLSv1.0 or TLSv1.2), large list of supported elliptic curves.
-{{{
+```
 Secure Sockets Layer
    TLSv1.1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -373,11 +373,11 @@ Secure Sockets Layer
                Type: Heartbeat (0x000f)
                Length: 1
                Mode: Peer allowed to send requests (1)
-}}}
+```
 == flashproxy-reg-appspot 1.6 (02-20-2014)
 flashproxy-reg-url uses httplib and OpenSSL through M2Crypto.
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -492,10 +492,10 @@ Secure Sockets Layer
                Type: Heartbeat (0x000f)
                Length: 1
                Mode: Peer allowed to send requests (1)
-}}}
+```
 == Iceweasel 24.4.0
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -584,15 +584,15 @@ Secure Sockets Layer
            Extension: next_protocol_negotiation
                Type: next_protocol_negotiation (0x3374)
                Length: 0
-}}}
+```
 == PhantomJS 1.9.7
 Looks like OpenSSL, not NSS? SSLv3.0 without extensions.
-{{{
+```
 var page = require('webpage').create();
 page.open("https://meek-reflect.appspot.com", function(status) { console.log("status", status); });
-}}}
+```
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -662,11 +662,11 @@ Secure Sockets Layer
            Compression Methods Length: 1
            Compression Methods (1 method)
                Compression Method: null (0)
-}}}
+```
 == PhantomJS 1.9.7 using TLSv1.0
 You can get TLSv1.0 by running the command `phantomjs --ssl-protocol=TLSv1`.
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -791,10 +791,10 @@ Secure Sockets Layer
                Type: Heartbeat (0x000f)
                Length: 1
                Mode: Peer allowed to send requests (1)
-}}}
+```
 == Tor Browser 3.5.2.1 (Firefox 24.3.0)
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -879,10 +879,10 @@ Secure Sockets Layer
            Extension: next_protocol_negotiation
                Type: next_protocol_negotiation (0x3374)
                Length: 0
-}}}
+```
 == meek-http-helper in Iceweasel 24.3.0
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -971,11 +971,11 @@ Secure Sockets Layer
            Extension: next_protocol_negotiation
                Type: next_protocol_negotiation (0x3374)
                Length: 0
-}}}
+```
 == meek-http-helper running in TB 3.5.2.1
-With attachment:Don-t-prohibit-name-lookups-with-socks_remote_dns-tr.patch:ticket:11183. Seems to differ from Iceweasel only in the "SessionTicket TLS" extension (see #4099).
+With [Don-t-prohibit-name-lookups-with-socks_remote_dns-tr.patch:ticket:11183.](None/Don-t-prohibit-name-lookups-with-socks_remote_dns-tr.patch:ticket:11183.) Seems to differ from Iceweasel only in the "SessionTicket TLS" extension (see #4099).
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -1060,11 +1060,11 @@ Secure Sockets Layer
            Extension: next_protocol_negotiation
                Type: next_protocol_negotiation (0x3374)
                Length: 0
-}}}
+```
-== [https://gitweb.torproject.org/user/dcf/tor-browser-bundle.git/tag/74106067ae570daedfa9252903d97e32eae4becf Tor Browser 3.5.2.1-meek-4]
+== [Tor Browser 3.5.2.1-meek-4](https://gitweb.torproject.org/user/dcf/tor-browser-bundle.git/tag/74106067ae570daedfa9252903d97e32eae4becf)
 Uses a separate browser instance to run the extension as suggested in comment:12:ticket:11183. It matches Iceweasel 24. The only difference is in the client randomness.
-{{{
+```
             Length: 165
             Version: TLS 1.0 (0x0301)
             Random
@@ -1075,9 +1075,9 @@ Uses a separate browser instance to run the extension as suggested in comment:12
             Session ID Length: 0
             Cipher Suites Length: 70
             Cipher Suites (35 suites)
-}}}
+```
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -1166,10 +1166,10 @@ Secure Sockets Layer
            Extension: next_protocol_negotiation
                Type: next_protocol_negotiation (0x3374)
                Length: 0
-}}}
+```
-== [https://blog.torproject.org/blog/tor-browser-364-and-40-alpha-1-are-released Tor Browser 4.0-alpha-1], afflicted with #12766 (2014-08-15)
+== [Tor Browser 4.0-alpha-1](https://blog.torproject.org/blog/tor-browser-364-and-40-alpha-1-are-released), afflicted with #12766 (2014-08-15)
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -1262,11 +1262,11 @@ Secure Sockets Layer
                Type: signature_algorithms (0x000d)
                Length: 18
                Data (18 bytes)
-}}}
+```
-== [https://blog.torproject.org/blog/tor-browser-364-and-40-alpha-1-are-released Tor Browser 4.0-alpha-1] with `security.tls.version.max=1` (2014-08-15)
+== [Tor Browser 4.0-alpha-1](https://blog.torproject.org/blog/tor-browser-364-and-40-alpha-1-are-released) with `security.tls.version.max=1` (2014-08-15)
 Limiting SSL version to TLSv1.0.
-{{{
+```
 Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -1355,10 +1355,10 @@ Secure Sockets Layer
            Extension: next_protocol_negotiation
                Type: next_protocol_negotiation (0x3374)
                Length: 0
-}}}
+```
 == Iceweasel 31.1.0 (2014-10-26)
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -1470,11 +1470,11 @@ Secure Sockets Layer
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)
-}}}
+```
-== [https://blog.torproject.org/blog/tor-browser-40-released Tor Browser 4.0] (2014-10-26)
+== [Tor Browser 4.0](https://blog.torproject.org/blog/tor-browser-40-released) (2014-10-26)
 It's [[comment:1:ticket:13442|missing the SessionTicket TLS extension]].
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -1582,11 +1582,11 @@ Secure Sockets Layer
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)
-}}}
+```
-== [https://blog.torproject.org/blog/tor-browser-40-released Tor Browser 4.0] with `security.ssl.disable_session_identifiers=false` (2014-10-26)
+== [Tor Browser 4.0](https://blog.torproject.org/blog/tor-browser-40-released) with `security.ssl.disable_session_identifiers=false` (2014-10-26)
 Restores the SessionTicket TLS extension.
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -1698,11 +1698,11 @@ Secure Sockets Layer
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)
-}}}
+```
-== [https://download-installer.cdn.mozilla.net/pub/firefox/releases/38.8.0esr/linux-x86_64/en-US/ Firefox 38.8.0esr] on Debian stretch/sid (2016-05-20)
+== [Firefox 38.8.0esr](https://download-installer.cdn.mozilla.net/pub/firefox/releases/38.8.0esr/linux-x86_64/en-US/) on Debian stretch/sid (2016-05-20)
 Including two consecutive client hellos because the second one has a Padding extension.
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -1955,11 +1955,11 @@ Secure Sockets Layer
                Padding Data: 000000000000000000000000000000000000000000000000...
                    Padding length: 0
                    Padding Data: <MISSING>
-}}}
+```
-== [https://download-installer.cdn.mozilla.net/pub/firefox/releases/45.0.2esr/linux-x86_64/ Firefox 45.0.2esr] on Debian stretch/sid (2016-05-20)
+== [Firefox 45.0.2esr](https://download-installer.cdn.mozilla.net/pub/firefox/releases/45.0.2esr/linux-x86_64/) on Debian stretch/sid (2016-05-20)
 Including two consecutive client hellos because the second one has a Padding extension.
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -2200,10 +2200,10 @@ Secure Sockets Layer
                Padding Data: 000000000000000000000000000000000000000000000000...
                    Padding length: 0
                    Padding Data: <MISSING>
-}}}
+```
-== [https://blog.torproject.org/blog/tor-browser-60a5-released Tor Browser 6.0a5] (based on Firefox 45 ESR) with meek-client on Debian stretch/sid (2016-05-20)
+== [Tor Browser 6.0a5](https://blog.torproject.org/blog/tor-browser-60a5-released) (based on Firefox 45 ESR) with meek-client on Debian stretch/sid (2016-05-20)
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -2320,12 +2320,12 @@ Secure Sockets Layer
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)
-}}}
+```
 == Tor Browser 6.5a3 (based on Firefox 45.4.0 ESR) on Debian jessie (2015-10-28)
 Identical to [[#Firefox45.2.0esronDebianjessie2016-10-28|Firefox 45.2.0]] (but not [[#Firefox45.2.0esronDebianjessie2016-10-28|Firefox 45.4.0]]).
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -2442,12 +2442,12 @@ Secure Sockets Layer
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)
-}}}
+```
-== [https://ftp.mozilla.org/pub/firefox/releases/45.2.0esr/linux-x86_64/en-US/ Firefox 45.2.0esr] on Debian jessie (2016-10-28)
+== [Firefox 45.2.0esr](https://ftp.mozilla.org/pub/firefox/releases/45.2.0esr/linux-x86_64/en-US/) on Debian jessie (2016-10-28)
 Identical to [[#TorBrowser6.5a3basedonFirefox45.4.0ESRonDebianjessie2015-10-28|Tor Browser 6.5a3]].
 Differs from [[#Firefox45.4.0esronDebianjessie2016-10-28]] in that it has one fewer signature hash algorithm.
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -2564,11 +2564,11 @@ Secure Sockets Layer
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)
-}}}
+```
-== [https://ftp.mozilla.org/pub/firefox/releases/45.4.0esr/linux-x86_64/en-US/ Firefox 45.4.0esr] on Debian jessie (2016-10-28)
+== [Firefox 45.4.0esr](https://ftp.mozilla.org/pub/firefox/releases/45.4.0esr/linux-x86_64/en-US/) on Debian jessie (2016-10-28)
 Differs from [[#Firefox45.2.0esronDebianjessie2016-10-28]] in that it has one more signature hash algorithm.
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -2688,7 +2688,7 @@ Secure Sockets Layer
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)
-}}}
+```
 == Tor Browser 7.0.1 (based on Firefox 52.2.0esr) on Windows 7 (2017-06-22)
@@ -2697,7 +2697,7 @@ Same as
 * [[#TorBrowser7.0.1basedonFirefox52.2.0esronDebianstretch2017-06-22]]
 * [[#Firefox52.2.0esronDebianstretch2017-06-22]]
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -2824,16 +2824,16 @@ Secure Sockets Layer
                    Signature Hash Algorithm: 0x0201
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
-}}}
+```
-== [https://ftp.mozilla.org/pub/firefox/releases/52.2.0esr/win64/en-US/ Firefox 52.2.0esr] on Windows 7 (2017-06-22)
+== [Firefox 52.2.0esr](https://ftp.mozilla.org/pub/firefox/releases/52.2.0esr/win64/en-US/) on Windows 7 (2017-06-22)
 Same as
 * [[#TorBrowser7.0.1basedonFirefox52.2.0esronWindows72017-06-22]]
 * [[#TorBrowser7.0.1basedonFirefox52.2.0esronDebianstretch2017-06-22]]
 * [[#Firefox52.2.0esronDebianstretch2017-06-22]]
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -2960,7 +2960,7 @@ Secure Sockets Layer
                    Signature Hash Algorithm: 0x0201
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
-}}}
+```
 == Tor Browser 7.0.1 (based on Firefox 52.2.0esr) on Debian stretch (2017-06-22)
@@ -2969,7 +2969,7 @@ Same as
 * [[#Firefox52.2.0esronWindows72017-06-22]]
 * [[#Firefox52.2.0esronDebianstretch2017-06-22]]
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -3096,16 +3096,16 @@ Secure Sockets Layer
                    Signature Hash Algorithm: 0x0201
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
-}}}
+```
-== [https://ftp.mozilla.org/pub/firefox/releases/52.2.0esr/linux-x86_64/en-US/ Firefox 52.2.0esr] on Debian stretch (2017-06-22)
+== [Firefox 52.2.0esr](https://ftp.mozilla.org/pub/firefox/releases/52.2.0esr/linux-x86_64/en-US/) on Debian stretch (2017-06-22)
 Same as
 * [[#Firefox52.2.0esronWindows72017-06-22]]
 * [[#Firefox52.2.0esronWindows72017-06-22]]
 * [[#TorBrowser7.0.1basedonFirefox52.2.0esronDebianstretch2017-06-22]]
-{{{
+```
 Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
@@ -3232,4 +3232,4 @@ Secure Sockets Layer
                    Signature Hash Algorithm: 0x0201
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
-}}}
+```
\ No newline at end of file