Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Split TLS ClientHello to better characterise SNI blocking #622

Closed
bassosimone opened this issue May 22, 2020 · 4 comments
Closed

Split TLS ClientHello to better characterise SNI blocking #622

bassosimone opened this issue May 22, 2020 · 4 comments
Assignees
@bassosimone
Labels
effort/L Large effort interrupt Task not planned during planning priority/low Low priority
Milestone
Sprint 26 - Neerali

Comments

@bassosimone
Copy link
Contributor

bassosimone commented May 22, 2020
edited
Loading

The idea here is to start off with a simple solution where we split the ClientHello packet in two segments.
@bassosimone bassosimone added this to the Sprint 14 - Ponyo milestone May 22, 2020
@bassosimone bassosimone self-assigned this May 22, 2020
@bassosimone bassosimone added effort/M Medium effort priority/high High priority labels May 25, 2020
@bassosimone bassosimone changed the title Investigate splitting the ClientHello to avoid SNI blocking Investigate splitting the ClientHello to avoid SNI blocking (1/n) May 25, 2020
@bassosimone bassosimone added effort/S Small effort priority/low Low priority and removed effort/M Medium effort priority/high High priority labels May 25, 2020
@bassosimone
Copy link
Contributor Author

Moved to another Sprint and sprint points divided among #619 and #650.

@bassosimone bassosimone changed the title Investigate splitting the ClientHello to avoid SNI blocking (1/n) Split TLS ClientHello to avoid SNI blocking Jun 8, 2020
@bassosimone
Copy link
Contributor Author

Shifted to next sprint because of #651

@bassosimone bassosimone removed this from the Sprint 16 - Neon milestone Jun 22, 2020
@bassosimone bassosimone added the interrupt Task not planned during planning label Nov 11, 2020
@bassosimone bassosimone added this to the Sprint 26 - Neerali milestone Nov 11, 2020
bassosimone added a commit that referenced this issue Nov 11, 2020
@bassosimone
feature(tlstool): very rough tool to experiment with SNI splitting
9e0d758 
First exploratory step towards #622.
@bassosimone bassosimone mentioned this issue Nov 11, 2020
Merged
bassosimone added a commit that referenced this issue Nov 11, 2020
@bassosimone
feature(tlstool): very rough tool to experiment with SNI splitting (#…
c1b4d6f 
…1035)

First exploratory step towards #622.
@bassosimone
Copy link
Contributor Author

We started implementing the concept in #1035. Now we will run some tests.

bassosimone added a commit that referenced this issue Nov 11, 2020
@bassosimone
refactor(tlstool): make space for several splitting techniques
a7203e9 
Part of #622
@bassosimone bassosimone mentioned this issue Nov 11, 2020
Merged
bassosimone added a commit that referenced this issue Nov 11, 2020
@bassosimone
refactor(tlstool): make space for several splitting techniques (#1036)
24aa4b0 
Part of #622
bassosimone added a commit that referenced this issue Nov 11, 2020
@bassosimone
feature(tlstool): add 8:4:rest segmenter
6865ead 
See #622
@bassosimone bassosimone mentioned this issue Nov 11, 2020
Merged
bassosimone added a commit that referenced this issue Nov 11, 2020
@bassosimone
feature(tlstool): add 8:4:rest segmenter (#1037)
2ade398 
* feature(tlstool): add 8:4:rest segmenter

See #622

* Apply suggestions from code review
bassosimone added a commit to ooni/spec that referenced this issue Nov 12, 2020
@bassosimone
doc(sni-blocking): don't spec real helper FQDN
1d30004 
The spec should not say that the experiment will use a specific domain name since
that's clearly too binding. Let us instead just use example.org as an example and let
us the experiment be free to update the real helper depending on its needs.

This change opens up the opportunity of dynamically provisioning the real helper
to the probes depending on the country and on other factors.

Related PR: ooni/probe-engine#1040

Work done in the context of: ooni/probe-engine#622
@bassosimone bassosimone mentioned this issue Nov 12, 2020
Merged
bassosimone added a commit that referenced this issue Nov 12, 2020
@bassosimone
refactor(tlstool): support more ways of splitting SNI
4d905df 
Part of #622
@bassosimone bassosimone mentioned this issue Nov 12, 2020
Merged
bassosimone added a commit that referenced this issue Nov 12, 2020
@bassosimone
refactor(tlstool): support more ways of splitting SNI (#1041)
7c70195 
* refactor(tlstool): support more ways of splitting SNI

Part of #622

* fix: use correct version number

* Apply suggestions from code review

* fix imports
@bassosimone bassosimone added effort/L Large effort and removed effort/S Small effort labels Nov 13, 2020
@bassosimone
Copy link
Contributor Author

We have merged to master an exploratory experiment that will allow us to play with the concept. We may want to merge this experiment into other experiments at a later time. For now we can consider this work done.

@bassosimone bassosimone changed the title Split TLS ClientHello to avoid SNI blocking Split TLS ClientHello to better characterise SNI blocking Nov 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bassosimone bassosimone

Labels
effort/L Large effort interrupt Task not planned during planning priority/low Low priority
Projects
None yet
Milestone
Sprint 26 - Neerali
Development

No branches or pull requests
1 participant
@bassosimone