Open
Bug 1905033
Opened 1 year ago
Use TLS padding extension to randomly pad ClientHello data
Categories
(NSS :: Libraries, enhancement)
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: ip5awlyz3, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Steps to reproduce:
Browse any HTTPS site.
Actual results:
A man in the middle can detect TLS traffic by the ClientHello packet length.
It can happen even if I use some (almost any) kind of VPN / Proxy.
In the general case, a VPN / Proxy does not apply any random padding to the ClientHello packet, so it's still detectable.
Expected results:
Firefox should use the TLS padding extension to randomly pad ClientHello data to harden against traffic pattern detection, classification and fingerprinting.
Support for the TLS padding extension is already implemented according to Bug 944157.
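An added illustration of the request above, not part of the bug report and not NSS code: it appends an RFC 7685 padding extension (type 21) of random length to a ClientHello extensions block, so the hello length varies between connections. The function names, the `max_pad` bound and the sample block are assumptions made for this sketch; it covers only the extensions block (the enclosing handshake and record lengths would also need updating) and refuses a hello that carries `pre_shared_key`, which must stay last.

```python
import secrets
import struct

PADDING = 21          # extension type assigned to "padding" by RFC 7685
PRE_SHARED_KEY = 41   # must be the last ClientHello extension in TLS 1.3

def parse_extensions(block: bytes) -> list:
    """Split an extensions block (2-byte length prefix included) into (type, data)."""
    (total,) = struct.unpack_from("!H", block, 0)
    if total != len(block) - 2:
        raise ValueError("length prefix does not match block size")
    out, pos = [], 2
    while pos < len(block):
        if pos + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        pos += 4
        if pos + ext_len > len(block):
            raise ValueError("truncated extension data")
        out.append((ext_type, block[pos:pos + ext_len]))
        pos += ext_len
    return out

def build_extensions(exts) -> bytes:
    """Serialize (type, data) pairs back into a length-prefixed block."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    if len(body) > 0xFFFF:
        raise ValueError("extensions block too large")
    return struct.pack("!H", len(body)) + body

def add_random_padding(block: bytes, max_pad: int = 256) -> bytes:
    """Replace any padding extension with one of random length 0..max_pad."""
    exts = [(t, d) for t, d in parse_extensions(block) if t != PADDING]
    if any(t == PRE_SHARED_KEY for t, _ in exts):
        # Appending after pre_shared_key would break the ordering rule.
        raise ValueError("pre_shared_key present; not handled in this sketch")
    pad_len = secrets.randbelow(max_pad + 1)
    # RFC 7685: the client fills extension_data completely with zero bytes.
    exts.append((PADDING, bytes(pad_len)))
    return build_extensions(exts)

# Constructed sample block with placeholder data, not a real capture.
SAMPLE = build_extensions([(0, b"\x00" * 16), (43, b"\x02\x03\x04")])

if __name__ == "__main__":
    for _ in range(3):
        print(len(add_random_padding(SAMPLE)))
```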