Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • M meek
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 13
    • Issues 13
    • List
    • Boards
    • Service Desk
    • Milestones
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Jobs
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Anti-censorship
  • Pluggable Transports
  • meek
  • Issues
  • #28168
Closed
Open
Issue created Oct 23, 2018 by David Fifield@dcfOwner

Use ESNI via Firefox HTTPS helper

As of 2018-10-18, Firefox Nightly supports encrypted SNI, and Cloudflare supports it on the server side. Because meek supports using Firefox as a channel for issuing HTTPS requests, it ought to be pretty easy to adapt the meek client software to use ESNI rather than domain fronting. The server software doesn't need any change.

These steps are untested:

  1. Download Tor Browser and Firefox Nightly.
  2. Go to about:config in Firefox Nightly and set
    • network.trr.mode=3
    • network.trr.uri=https://1.1.1.1/dns-query
    • network.security.esni.enabled=true
  3. Copy the meek-http-helper@bamsoftware.com.xpi from Tor Browser to Firefox Nightly.
  4. Hack meek-client-torbrowser/{mac,linux,windows}.go to point firefoxPath at the copy of Firefox Nightly and disable the custom profile. (Additional hacks to remove hardcoded Tor Browser assumptions may be required.)
  5. Set up a Cloudflare instance pointing to https://meek.bamsoftware.com/, call it https://meek.example.com/.
  6. Set up a custom bridge in Tor Browser, using url= without front= (because we're no longer domain fronting).
    bridge meek 0.0.2.0:3 url=https://meek.example.com/

Of course, once ESNI support makes it into the version of Firefox used by Tor Browser, this will be even easier, not requiring a separate Firefox Nightly.

Edited Mar 29, 2021 by David Fifield
Assignee
Assign to
Time tracking