On Wed, Oct 07, 2015 at 10:06:00AM +1100, Tim Wilson-Brown - teor wrote:
> Hi All,
> This morning I observed a “free wifi” network blocking tor’s SSL connections. While other SSL connections from my machine went through, I observed multiple network traces of tor completing a TCP 3-way handshake, and then getting no reply to the first SSL packet it sent.
> I think they may have been blocking unknown or untested certificates, but I can’t be sure.
> Still, I was able to use meek(-google) to access tor.
> Has anyone else seen this kind of blocking behaviour? (Is this the right list?)

I don't know about specific instances in the free wifi scenario, but some national censorship systems work that way, observing something about the handshake rather than blacklisting the IP addresses of directory authorities or relays.
Iran filters Tor by ssl handshake (Sept 2011) https://bugs.torproject.org/4014
GFW probes based on Tor's SSL cipher list (Dec 2011) https://bugs.torproject.org/4744
Ethiopia blocks Tor based on ServerHello (Jun 2012) https://bugs.torproject.org/6045
Kazakhstan uses DPI to block Tor (Jun 2012) https://bugs.torproject.org/6140
UAE uses DPI to block Tor (Jun 2012) https://bugs.torproject.org/6246
The Philippines are blocking Tor? (Jun 2012) https://bugs.torproject.org/6258
How is Iran blocking Tor? (Oct 2012) https://bugs.torproject.org/7141
SSL handshake filtered when MAX_SSL_KEY_LIFETIME_ADVERTISED is 365 days (Mar 2013) https://bugs.torproject.org/8443
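
One way to separate the failure described in the first message (TCP handshake completes, then no reply to the first TLS packet) from address-level blocking when reading a capture. This is an added example, not part of the original thread; the packet-tuple format, flow names and sample bytes are constructed assumptions.

```python
from collections import defaultdict

CLIENT_HELLO = 0x01  # TLS handshake message type

def is_tls_handshake(payload, msg_type):
    """True if payload begins a TLS handshake record (type 0x16) carrying msg_type."""
    return (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == msg_type)

def classify_flow(pkts):
    """pkts: ordered (direction, tcp_flags, payload) tuples for one TCP flow."""
    handshake_done = hello_sent = False
    for direction, flags, payload in pkts:
        if direction == "in" and flags == "SA":
            handshake_done = True
        elif direction == "out" and is_tls_handshake(payload, CLIENT_HELLO):
            hello_sent = True
        elif direction == "in" and hello_sent:
            if "R" in flags:
                return "reset_after_client_hello"
            if payload:  # bare ACKs carry no data and do not count as a reply
                return "reply_after_client_hello"
    if not handshake_done:
        return "no_tcp_handshake"  # consistent with address or port blocking
    return "silent_after_client_hello" if hello_sent else "no_client_hello_sent"

def classify_trace(trace):
    """trace: (flow_id, direction, tcp_flags, payload) tuples in capture order."""
    flows = defaultdict(list)
    for flow_id, direction, flags, payload in trace:
        flows[flow_id].append((direction, flags, payload))
    return {flow_id: classify_flow(pkts) for flow_id, pkts in flows.items()}

# Constructed sample capture; flow names and bytes are illustrative, not real traffic.
HELLO = bytes.fromhex("160301020001")    # handshake record header + ClientHello type
S_HELLO = bytes.fromhex("160303005002")  # handshake record header + ServerHello type
TRACE = [
    ("relay-a", "out", "S", b""), ("relay-a", "in", "SA", b""),
    ("relay-a", "out", "A", b""), ("relay-a", "out", "PA", HELLO),
    ("relay-a", "out", "PA", HELLO),  # retransmission, still no answer
    ("web-b", "out", "S", b""), ("web-b", "in", "SA", b""),
    ("web-b", "out", "A", b""), ("web-b", "out", "PA", HELLO),
    ("web-b", "in", "A", b""), ("web-b", "in", "PA", S_HELLO),
    ("relay-c", "out", "S", b""), ("relay-c", "out", "S", b""),
    ("relay-d", "out", "S", b""), ("relay-d", "in", "SA", b""),
    ("relay-d", "out", "A", b""), ("relay-d", "out", "PA", HELLO),
    ("relay-d", "in", "R", b""),
]

if __name__ == "__main__":
    for flow_id, verdict in classify_trace(TRACE).items():
        print(f"{flow_id}: {verdict}")
```

A `silent_after_client_hello` verdict on relay flows alongside `reply_after_client_hello` on ordinary web flows matches the pattern reported above; it shows where the connection stalls, not which handshake field the filter keyed on.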