On Tue, Aug 14, 2012 at 05:13:56PM +0200, tor-admin wrote:
> My understanding of bridge detection was that China's GFW is able to detect
> the Tor SSL handshake and does active bridge probing after a successful
> connection to a (for the GFW) unknown bridge IP. So they should be able to
> block any bridge, published or unpublished, very quickly, if someone from behind
> the GFW connects to a bridge. Am I missing something?

We haven't made a big fuss about it, but Tor 0.2.3.17-beta uses a new
ciphersuite in the ssl client hello, and I believe China's current DPI
doesn't notice it.
https://lists.torproject.org/pipermail/tor-talk/2012-June/024511.html

The extra-fun part is that if a Tor 0.2.2 client connects to the bridge,
it triggers the probing you describe (and thus the blocking). But if only
Tor 0.2.3.17+ clients connect, no probing (and thus no blocking).

Obfsproxy's obfs2 protocol is way better at not getting blocked currently;
but I'm holding out for an obfs3 release, with a new protocol that's harder
to DPI for, before we push for a big rollout there.

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays