Question about package build
Daniel Lenski
dlenski at gmail.com
Sun Sep 1 16:10:19 PDT 2024
On Sun, Sep 1, 2024 at 1:46 PM Moorko <me at moorko.net> wrote:
>
> Thanks for your detailed response, Daniel.
>
> I now realize that I clearly missed the big picture here as I'm relatively new to this domain.
No worries! Looks like you're tackling a tricky problem and asking the
right questions :-)
> > I'm not sure what "flexible" means specifically.
>
> I'm implementing a TLS handshake fragmentation feature for OpenConnect so that it can better resist internet censorship in Iran (and potentially in other places as well).
Ah. We have a tag for Iran-censorship-related issues, definitely
peruse these if you haven't already:
https://gitlab.com/openconnect/openconnect/-/issues/?label_name%5B%5D=Damet%20Garm
Here's a recent and very timely Twitter thread that touches on using
packet fragmentation at various layers to defeat censorship:
https://twitter.com/endermanch/status/1829648801612906916
As described in this thread, injecting extra fragmentation is AT BEST
a stopgap solution, exploiting a lack of (or bugginess in) stateful
session tracking, and nation-level censors WILL eventually prevent it
from working.
> This "fragmentation" can occur at two layers:
>
> 1. The TLS handshake record layer
>
> 2. The TCP layer
>
> I found an API in OpenSSL that allows for modifying the TLS ClientHello packet for this purpose: https://docs.openssl.org/master/man3/SSL_CTX_set_split_send_fragment/
>
> However, I couldn't find a similar API in GnuTLS.
>
> Performing TCP layer segmentation for ClientHello is possible in both OpenSSL and GnuTLS as it is possible in both of them to inject your own transport layer send() function.
>
> It is possible to implement TLS record fragmentation in GnuTLS, but it would require manually handling the entire process within the custom send() function. This approach feels a bit hacky and might compromise code consistency. What do you think? Would the team consider merging something like this? It's probably not a feature that would be used by most users (since I presume most users don't have censorship problems), but it could significantly help those trying to evade censorship.
>
> It was only after I implemented the fragmentation feature that I realized Linux distributions wouldn't include this change because by default they're using GnuTLS and I only implemented this for OpenSSL. 😅
Sounds like you've already implemented it for OpenSSL? Does using this
API actually allow you to successfully bypass the Divar-e-Bozorg and
establish a TLS handshake with a TLS-based VPN server? 😅
And if so, can you share the code/diff? (Perhaps privately if you prefer.)
If this technique does actually work for circumventing censorship, I
think we could make a very good case for adding a similar capability
to GnuTLS and I'd be happy to help with it :-)
> > What's the source for this "better performance" claim
>
> It's probably not valid. I haven't run any benchmarks myself, so I apologize for making an unverified claim. I read it here: https://subscription.packtpub.com/book/security/9781800560345/2/ch02lvl1sec06/comparing-openssl-with-gnutls
Let's leave this part aside for now since it's probably not the most
important problem to solve.
Daniel
More information about the openconnect-devel
mailing list